Vulnerability Details CVE-2020-24661
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.3%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 2.6
Products affected by CVE-2020-24661
- cpe:2.3:a:gnome:geary:0.1
- cpe:2.3:a:gnome:geary:0.1.90
- cpe:2.3:a:gnome:geary:0.10.0
- cpe:2.3:a:gnome:geary:0.11.0
- cpe:2.3:a:gnome:geary:0.11.1
- cpe:2.3:a:gnome:geary:0.11.2
- cpe:2.3:a:gnome:geary:0.11.3
- cpe:2.3:a:gnome:geary:0.11.4
- cpe:2.3:a:gnome:geary:0.12.0
- cpe:2.3:a:gnome:geary:0.12.1
- cpe:2.3:a:gnome:geary:0.12.2
- cpe:2.3:a:gnome:geary:0.12.3
- cpe:2.3:a:gnome:geary:0.12.4
- cpe:2.3:a:gnome:geary:0.13.0
- cpe:2.3:a:gnome:geary:0.13.1
- cpe:2.3:a:gnome:geary:0.13.2
- cpe:2.3:a:gnome:geary:0.13.3
- cpe:2.3:a:gnome:geary:0.2.0
- cpe:2.3:a:gnome:geary:0.2.2
- cpe:2.3:a:gnome:geary:0.3.0
- cpe:2.3:a:gnome:geary:0.3.1
- cpe:2.3:a:gnome:geary:0.4.0
- cpe:2.3:a:gnome:geary:0.4.1
- cpe:2.3:a:gnome:geary:0.4.2
- cpe:2.3:a:gnome:geary:0.4.3
- cpe:2.3:a:gnome:geary:0.5.0
- cpe:2.3:a:gnome:geary:0.5.1
- cpe:2.3:a:gnome:geary:0.5.2
- cpe:2.3:a:gnome:geary:0.5.3
- cpe:2.3:a:gnome:geary:0.6.0
- cpe:2.3:a:gnome:geary:0.6.1
- cpe:2.3:a:gnome:geary:0.6.3
- cpe:2.3:a:gnome:geary:0.6.4
- cpe:2.3:a:gnome:geary:0.6.5
- cpe:2.3:a:gnome:geary:0.7.0
- cpe:2.3:a:gnome:geary:0.7.1
- cpe:2.3:a:gnome:geary:0.7.2
- cpe:2.3:a:gnome:geary:0.8.0
- cpe:2.3:a:gnome:geary:0.8.1
- cpe:2.3:a:gnome:geary:0.8.2
- cpe:2.3:a:gnome:geary:0.8.3
- cpe:2.3:a:gnome:geary:0.9.0
- cpe:2.3:a:gnome:geary:0.9.1
- cpe:2.3:a:gnome:geary:3.32.0
- cpe:2.3:a:gnome:geary:3.32.1
- cpe:2.3:a:gnome:geary:3.32.2
- cpe:2.3:a:gnome:geary:3.33.1
- cpe:2.3:a:gnome:geary:3.33.90
- cpe:2.3:a:gnome:geary:3.33.91
- cpe:2.3:a:gnome:geary:3.34.0
- cpe:2.3:a:gnome:geary:3.34.1
- cpe:2.3:a:gnome:geary:3.34.2
- cpe:2.3:a:gnome:geary:3.35.1
- cpe:2.3:a:gnome:geary:3.35.2
- cpe:2.3:a:gnome:geary:3.35.90
- cpe:2.3:a:gnome:geary:3.36.1
- cpe:2.3:a:gnome:geary:3.36.2
- cpe:2.3:o:fedoraproject:fedora:31
- cpe:2.3:o:fedoraproject:fedora:32