vulnerability

Red Hat: CVE-2019-3890: CVE-2019-3890 evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts (Multiple Advisories)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
2019-08-01
Added
2019-11-06
Modified
2023-12-15

Description

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

Solution(s)

redhat-upgrade-atkredhat-upgrade-atk-debuginforedhat-upgrade-atk-develredhat-upgrade-evolutionredhat-upgrade-evolution-bogofilterredhat-upgrade-evolution-bogofilter-debuginforedhat-upgrade-evolution-data-serverredhat-upgrade-evolution-data-server-debuginforedhat-upgrade-evolution-data-server-debugsourceredhat-upgrade-evolution-data-server-develredhat-upgrade-evolution-data-server-docredhat-upgrade-evolution-data-server-langpacksredhat-upgrade-evolution-data-server-perlredhat-upgrade-evolution-data-server-testsredhat-upgrade-evolution-data-server-tests-debuginforedhat-upgrade-evolution-debuginforedhat-upgrade-evolution-debugsourceredhat-upgrade-evolution-develredhat-upgrade-evolution-devel-docsredhat-upgrade-evolution-ewsredhat-upgrade-evolution-ews-debuginforedhat-upgrade-evolution-ews-debugsourceredhat-upgrade-evolution-ews-langpacksredhat-upgrade-evolution-helpredhat-upgrade-evolution-langpacksredhat-upgrade-evolution-pstredhat-upgrade-evolution-pst-debuginforedhat-upgrade-evolution-spamassassinredhat-upgrade-evolution-spamassassin-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today