CVE-2014-5444 - Vulnerability Details - OpenCVE

Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Yorba	Geary

Configuration 1 [-]

cpe:2.3:a:yorba:geary:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2014-09/msg00035.html
https://bugzilla.gnome.org/show_bug.cgi?id=713247
https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-09-30T14:00:00

Updated: 2024-08-06T11:41:49.208Z

Reserved: 2014-08-25T00:00:00

Link: CVE-2014-5444

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-09-30T14:55:09.093

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-5444

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-09-30T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e"}, {"name": "openSUSE-SU-2014:1225", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00035.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=713247"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5444", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e"}, {"name": "openSUSE-SU-2014:1225", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00035.html"}, {"name": "https://bugzilla.gnome.org/show_bug.cgi?id=713247", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=713247"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:41:49.208Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e"}, {"name": "openSUSE-SU-2014:1225", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00035.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=713247"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5444", "datePublished": "2014-09-30T14:00:00", "dateReserved": "2014-08-25T00:00:00", "dateUpdated": "2024-08-06T11:41:49.208Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yorba:geary:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE9290FD-9E28-496B-82E7-B01F1C9F4886", "versionEndIncluding": "0.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate."}, {"lang": "es", "value": "Geary anterior a 0.6.3 no presenta el usuario con un aviso cuando se detecta un error de certificado TLS, lo que facilita a atacantes remotos realizar ataques de man-in-the-middle a trav\u00e9s de un certificado manipulado."}], "id": "CVE-2014-5444", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-09-30T14:55:09.093", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00035.html"}, {"source": "cve@mitre.org", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=713247"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00035.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=713247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}