CVE-2011-3201 — Sensitive Information Exposure in Evolution

CWE-200 — Sensitive Information Exposure CWE-356 — Product UI does not Warn User of Unsafe Actions8 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 25.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Evolution Oracle Solaris Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedMar 8

Latest updateMay 17

Description

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶NVDgnome/evolution3.0.3+44

▶NVDoracle/solaris11.2

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Patches

Patch: bugzilla.redhat.com ↗Patch: git.gnome.org ↗Patch: git.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-vj43-93vc-r5g8: GNOME Evolution before 3↗2022-05-17

▶

CVEList

CVE-2011-3201: GNOME Evolution before 3↗2013-03-08

▶

OSV

CVE-2011-3201: GNOME Evolution before 3↗2013-03-08

▶

📋Vendor Advisories

Red Hat

evolution: mailto URL scheme attachment header improper input validation↗2011-08-25

▶

Debian

CVE-2011-3201: evolution - GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbit...↗2011

▶

💬Community

Bugzilla

CVE-2011-3201 evolution: mailto: attachment parameter can lead to accidental data exfiltration [fedora-all]↗2011-11-25

▶

Bugzilla

CVE-2011-3201 evolution: mailto URL scheme attachment header improper input validation↗2011-08-25

▶