CVE-2018-15587 — Improper Verification of Cryptographic Signature in Evolution

CWE-347 — Improper Verification of Cryptographic Signature CWE-290 — Authentication Bypass by Spoofing9 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.9%

top 23.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Evolution Debian Linux

Timeline

PublishedFeb 11

Latest updateMay 14

Description

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Debiangnome/evolution< 3.30.5-1.1+3

▶NVDgnome/evolution3.28.2

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-9p6f-v932-mfxm: GNOME Evolution through 3↗2022-05-14

▶

CVEList

CVE-2018-15587: GNOME Evolution through 3↗2019-02-11

▶

OSV

CVE-2018-15587: GNOME Evolution through 3↗2019-02-11

▶

📋Vendor Advisories

Ubuntu

Evolution Data Server vulnerability↗2019-05-30

▶

Red Hat

evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages↗2018-05-27

▶

Debian

CVE-2018-15587: evolution - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for ...↗2018

▶

💬Community

Bugzilla

CVE-2018-15587 evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages [fedora-28]↗2019-02-15

▶

Bugzilla

CVE-2018-15587 evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages↗2019-02-15

▶