CVE-2019-3890

Published: Aug 1, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

Affected (3)

Products: Gnome: Evolution Ews · Redhat: Enterprise Linux

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnome Evolution Ews	Before 3.31.3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Improper Following of a Certificate's Chain of Trust

The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate.

References (6)

https://access.redhat.com/errata/RHSA-2019:3699

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://gitlab.gnome.org/GNOME/evolution-ews/issues/27

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:3699

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://gitlab.gnome.org/GNOME/evolution-ews/issues/27

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.