CVE-2019-3890

MEDIUM

Description

It was discovered that evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to obtain confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890

https://gitlab.gnome.org/GNOME/evolution-ews/issues/27

Details

Source: MITRE

Published: 2019-08-01

Updated: 2019-10-09

Type: CWE-295

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (11 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145600 | CentOS 8 : evolution (CESA-2019:3699) | Nessus | CentOS Local Security Checks | medium |
| 143903 | NewStart CGSL CORE 5.05 / MAIN 5.05 : evolution-data-server Vulnerability (NS-SA-2020-0114) | Nessus | NewStart CGSL Local Security Checks | medium |
| 143901 | NewStart CGSL CORE 5.05 / MAIN 5.05 : evolution-ews Vulnerability (NS-SA-2020-0086) | Nessus | NewStart CGSL Local Security Checks | medium |
| 143895 | NewStart CGSL CORE 5.04 / MAIN 5.04 : evolution-ews Vulnerability (NS-SA-2020-0056) | Nessus | NewStart CGSL Local Security Checks | medium |
| 143892 | NewStart CGSL CORE 5.04 / MAIN 5.04 : evolution-data-server Vulnerability (NS-SA-2020-0075) | Nessus | NewStart CGSL Local Security Checks | medium |
| 139862 | Amazon Linux 2 : evolution-data-server (ALAS-2020-1475) | Nessus | Amazon Linux Local Security Checks | medium |
| 135807 | Scientific Linux Security Update : evolution on SL7.x x86_64 (20200407) | Nessus | Scientific Linux Local Security Checks | medium |
| 135332 | CentOS 7 : atk / evolution / evolution-data-server / evolution-ews (CESA-2020:1080) | Nessus | CentOS Local Security Checks | medium |
| 135047 | RHEL 7 : evolution (RHSA-2020:1080) | Nessus | Red Hat Local Security Checks | medium |
| 130566 | RHEL 8 : evolution (RHSA-2019:3699) | Nessus | Red Hat Local Security Checks | medium |
| 123803 | Fedora 29 : evolution-data-server / evolution-ews (2019-3a2cc6a0b9) | Nessus | Fedora Local Security Checks | medium |