vulnerability
Alpine Linux: CVE-2020-24661: Improper Certificate Validation
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
3 | (AV:N/AC:H/Au:N/C:P/I:N/A:N) | Aug 26, 2020 | Sep 23, 2020 | Oct 2, 2024 |
Severity
3
CVSS
(AV:N/AC:H/Au:N/C:P/I:N/A:N)
Published
Aug 26, 2020
Added
Sep 23, 2020
Modified
Oct 2, 2024
Description
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.
Solution
alpine-linux-upgrade-geary

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.