CVE-2013-1799
GNOME Online Accounts < 3.6.3/3.7.91 MITM Info Disclosure via SSL Bypass
GNOME Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91 does not properly validate SSL certificates when creating accounts for providers that use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.
References (9)
Core References
Various Sources mailing-list
x_refsource_mlist
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00020.html
Patch x_refsource_confirm
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51976
Various Sources mailing-list
x_refsource_mlist
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
Issue Tracking x_refsource_confirm
https://bugzilla.gnome.org/show_bug.cgi?id=695106
Various Sources vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-1779-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/52791
Issue Tracking x_refsource_confirm
https://bugzilla.gnome.org/show_bug.cgi?id=693214
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
Scores
EPSS
0.0056
EPSS Percentile
68.4%
Details
CWE
CWE-310
Status
published
Products (11)
canonical/ubuntu_linux
11.10
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
12.10
gnome/gnome_online_accounts
3.6.0
gnome/gnome_online_accounts
3.6.1
gnome/gnome_online_accounts
3.6.2
gnome/gnome_online_accounts
3.7.1
gnome/gnome_online_accounts
3.7.2
gnome/gnome_online_accounts
3.7.3
gnome/gnome_online_accounts
3.7.4
... and 1 more
Published
Apr 02, 2013
Tracked Since
Feb 18, 2026