CVE Vulnerabilities

CVE-2013-1799

Published: Apr 02, 2013 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.

Affected Software

Name Vendor Start Version End Version
Gnome_online_accounts Gnome 3.6.0 (including) 3.6.0 (including)
Gnome_online_accounts Gnome 3.6.1 (including) 3.6.1 (including)
Gnome_online_accounts Gnome 3.6.2 (including) 3.6.2 (including)
Gnome-online-accounts Ubuntu devel *
Gnome-online-accounts Ubuntu oneiric *
Gnome-online-accounts Ubuntu precise *
Gnome-online-accounts Ubuntu quantal *
Gnome-online-accounts Ubuntu upstream *

References