CVE-2009-1631 — Evolution vulnerability

CWE-2647 documents7 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 71.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Evolution

Timeline

PublishedMay 14

Latest updateMay 2

Description

The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debiangnome/evolution< 2.29.90-1+3

▶NVDgnome/evolution2.26.1+18

🔴Vulnerability Details

GHSA

GHSA-q8vh-phfc-qrw2: The Mailer component in Evolution 2↗2022-05-02

▶

CVEList

CVE-2009-1631: The Mailer component in Evolution 2↗2009-05-14

▶

OSV

CVE-2009-1631: The Mailer component in Evolution 2↗2009-05-14

▶

📋Vendor Advisories

Red Hat

evolution: insecure permissions on evolution mailbox folders↗2009-05-01

▶

Debian

CVE-2009-1631: evolution - The Mailer component in Evolution 2.26.1 and earlier uses world-readable permiss...↗2009

▶

💬Community

Bugzilla

CVE-2009-1631 evolution: insecure permissions on evolution mailbox folders↗2009-05-01

▶