It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2019:3699 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890 | Issue Tracking Third Party Advisory |
https://gitlab.gnome.org/GNOME/evolution-ews/issues/27 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2019-08-01T13:22:55
Updated: 2019-11-06T00:08:31
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3890
JSON object: View
NVD Information
Status : Modified
Published: 2019-08-01T14:15:13.253
Modified: 2019-10-09T23:49:52.493
Link: CVE-2019-3890
JSON object: View
Redhat Information
No data.