← Zuruck zu CVEs
CVE-2013-4166
HIGH7.5
Beschreibung
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/6/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
gnome:evolutiongnome:evolution_data_serverredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_workstation
Schwachen (CWE)
CWE-200
Referenzen
http://rhn.redhat.com/errata/RHSA-2013-1540.html(secalert@redhat.com)
http://seclists.org/oss-sec/2013/q3/191(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=973728(secalert@redhat.com)
https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5(secalert@redhat.com)
https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2013-1540.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/oss-sec/2013/q3/191(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=973728(af854a3a-2127-422b-91ae-364da2661108)
https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5(af854a3a-2127-422b-91ae-364da2661108)
https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.