CVE-2016-20011

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.gnome.org/show_bug.cgi?id=772647", "name": "https://bugzilla.gnome.org/show_bug.cgi?id=772647", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://gitlab.gnome.org/GNOME/libgrss/-/issues/4", "name": "https://gitlab.gnome.org/GNOME/libgrss/-/issues/4", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch", "name": "https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-295"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-20011", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2021-05-25T21:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnome:libgrss:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.7.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-06-09T15:03Z"}