It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2019:3699 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890 | Issue Tracking Third Party Advisory |
https://gitlab.gnome.org/GNOME/evolution-ews/issues/27 | Issue Tracking Third Party Advisory |
https://access.redhat.com/errata/RHSA-2019:3699 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890 | Issue Tracking Third Party Advisory |
https://gitlab.gnome.org/GNOME/evolution-ews/issues/27 | Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 04:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/errata/RHSA-2019:3699 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890 - Issue Tracking, Third Party Advisory | |
References | () https://gitlab.gnome.org/GNOME/evolution-ews/issues/27 - Issue Tracking, Third Party Advisory |
Information
Published : 2019-08-01 14:15
Updated : 2024-11-21 04:42
NVD link : CVE-2019-3890
Mitre link : CVE-2019-3890
CVE.ORG link : CVE-2019-3890
JSON object : View
Products Affected
redhat
- enterprise_linux
gnome
- evolution-ews