Grilo
Monthly
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.