vulnerability

Alpine Linux: CVE-2020-24661: Improper Certificate Validation

Severity
3
CVSS
(AV:N/AC:H/Au:N/C:P/I:N/A:N)
Published
Aug 26, 2020
Added
Sep 23, 2020
Modified
Oct 2, 2024

Description

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.

Solution

alpine-linux-upgrade-geary
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.