Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-3890

Опубликовано: 01 авг. 2019
Источник: debian

Описание

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
evolution-ewsfixed3.31.90-1experimentalpackage
evolution-ewsfixed3.30.5-1.1package
evolution-ewsno-dsastretchpackage
evolution-ewsno-dsajessiepackage

Примечания

  • https://gitlab.gnome.org/GNOME/evolution-ews/issues/27

  • https://gitlab.gnome.org/GNOME/evolution-ews/issues/36

  • https://bugzilla.redhat.com/show_bug.cgi?id=1678313

  • https://gitlab.gnome.org/GNOME/evolution-ews/commit/915226eca9454b8b3e5adb6f2fff9698451778de

  • Depends on evolution-data-server patch: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/6672b8236139bd6ef41ecb915f4c72e2a052dba5

Связанные уязвимости

ubuntu логотип

CVE-2019-3890

CVSS3: 8.1
ubuntu
больше 6 лет назад

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

redhat логотип

CVE-2019-3890

CVSS3: 8.1
redhat
почти 7 лет назад

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

nvd логотип

CVE-2019-3890

CVSS3: 8.1
nvd
больше 6 лет назад

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

github логотип

GHSA-mcq7-35g4-3c5q

CVSS3: 8.1
github
больше 3 лет назад

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

oracle-oval логотип

ELSA-2019-3699

oracle-oval
около 6 лет назад

ELSA-2019-3699: evolution security and bug fix update (MODERATE)