vulnerability
Red Hat: CVE-2019-3890: CVE-2019-3890 evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Aug 1, 2019 | Nov 6, 2019 | Dec 15, 2023 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Aug 1, 2019
Added
Nov 6, 2019
Modified
Dec 15, 2023
Description
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
Solution(s)
redhat-upgrade-atkredhat-upgrade-atk-debuginforedhat-upgrade-atk-develredhat-upgrade-evolutionredhat-upgrade-evolution-bogofilterredhat-upgrade-evolution-bogofilter-debuginforedhat-upgrade-evolution-data-serverredhat-upgrade-evolution-data-server-debuginforedhat-upgrade-evolution-data-server-debugsourceredhat-upgrade-evolution-data-server-develredhat-upgrade-evolution-data-server-docredhat-upgrade-evolution-data-server-langpacksredhat-upgrade-evolution-data-server-perlredhat-upgrade-evolution-data-server-testsredhat-upgrade-evolution-data-server-tests-debuginforedhat-upgrade-evolution-debuginforedhat-upgrade-evolution-debugsourceredhat-upgrade-evolution-develredhat-upgrade-evolution-devel-docsredhat-upgrade-evolution-ewsredhat-upgrade-evolution-ews-debuginforedhat-upgrade-evolution-ews-debugsourceredhat-upgrade-evolution-ews-langpacksredhat-upgrade-evolution-helpredhat-upgrade-evolution-langpacksredhat-upgrade-evolution-pstredhat-upgrade-evolution-pst-debuginforedhat-upgrade-evolution-spamassassinredhat-upgrade-evolution-spamassassin-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.