CVE-2020-11879Sensitive Info Insertion into Sent Data in Evolution

CWE-201Sensitive Info Insertion into Sent Data8 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 45.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gnome Evolution
Timeline
PublishedApr 17
Latest updateMay 24

Description

An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDgnome/evolution< 3.35.91
Debiangnome/evolution< 3.36.0-1+3

🔴Vulnerability Details

3
GHSA
GHSA-c29m-85fj-ccfm: An issue was discovered in GNOME Evolution before 32022-05-24
OSV
CVE-2020-11879: An issue was discovered in GNOME Evolution before 32020-04-17
CVEList
CVE-2020-11879: An issue was discovered in GNOME Evolution before 32020-04-17

📋Vendor Advisories

2
Red Hat
evolution: attaching local filed/directories to composed email can lead to unintended information disclosure2020-04-17
Debian
CVE-2020-11879: evolution - An issue was discovered in GNOME Evolution before 3.35.91. By using the propriet...2020

💬Community

2
Bugzilla
CVE-2020-11879 evolution: attaching local filed/directories to composed email can lead to unintended information disclosure2020-08-10
Bugzilla
CVE-2020-11879 evolution: attaching local filed/directories to composed email can lead to unintended information disclosure [fedora-31]2020-08-10
CVE-2020-11879 — Gnome Evolution vulnerability | cvebase