Email Client Vulnerability in GNOME Evolution by GNOME
CVE-2020-11879

6.5MEDIUM

Key Information:

Vendor

Gnome
Status
Evolution
Vendor
CVE Published:
17 April 2020

What is CVE-2020-11879?

A security issue identified in GNOME Evolution prior to version 3.35.91 allows the misuse of the 'mailto?attach=...' parameter, enabling third-party websites to attach local files or directories to emails without alerting the user. This oversight raises risks of unauthorized file disclosure, making it imperative for users to upgrade to protect against potential exploitation.

References

https://gitlab.gnome.org/GNOME/evolution/issues/784
x_refsource_MISC
https://gitlab.gnome.org/GNOME/evolution/-/blob/master/NEWS
x_refsource_MISC
https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentli...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.