Rapid7 Vulnerability & Exploit Database

Alpine Linux: CVE-2020-24661: geary mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Alpine Linux: CVE-2020-24661: geary mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates

Severity

CVSS

(AV:N/AC:H/Au:N/C:P/I:N/A:N)

Published

08/26/2020

Created

09/24/2020

Added

09/23/2020

Modified

10/22/2020

Description

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.

Solution(s)

alpine-linux-upgrade-geary

References

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Alpine Linux: CVE-2020-24661: geary mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates

Alpine Linux: CVE-2020-24661: geary mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.