CVE-2019-3890

It was discovered that evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to obtain confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 8.1 HIGH | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |

EPSS Score percentile: 27%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| gnome | evolution-ews | 𝑥 < 3.31.3 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |

𝑥 = Vulnerable software versions

Debian Releases
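
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| evolution-ews | bookworm | 3.46.4-1 | fixed |
| evolution-ews | bullseye | 3.38.3-1+deb11u1 | fixed |
| evolution-ews | jessie | | no-dsa |
| evolution-ews | sid | 3.54.1-1 | fixed |
| evolution-ews | stretch | | no-dsa |
| evolution-ews | trixie | 3.54.1-1 | fixed |
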
Ubuntu Releases
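
| Ubuntu Product | Codename | Status |
|---|---|---|
| evolution-ews | bionic | needs-triage |
| evolution-ews | cosmic | ignored |
| evolution-ews | disco | ignored |
| evolution-ews | eoan | ignored |
| evolution-ews | focal | needs-triage |
| evolution-ews | groovy | ignored |
| evolution-ews | hirsute | ignored |
| evolution-ews | impish | ignored |
| evolution-ews | jammy | needs-triage |
| evolution-ews | kinetic | ignored |
| evolution-ews | lunar | ignored |
| evolution-ews | mantic | ignored |
| evolution-ews | noble | needs-triage |
| evolution-ews | trusty | dne |
| evolution-ews | xenial | needs-triage |
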
Red Hat Enterprise Linux Releases
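
| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| atk | RHEL 7 | 0:2.28.1-2.el7 | fixed |
| atk-devel | RHEL 7 | 0:2.28.1-2.el7 | fixed |
| evolution | RHEL 7 | 0:3.28.5-8.el7 | fixed |
| evolution | RHEL 8 | 0:3.28.5-9.el8 | fixed |
| evolution-bogofilter | RHEL 7 | 0:3.28.5-8.el7 | fixed |
| evolution-bogofilter | RHEL 8 | 0:3.28.5-9.el8 | fixed |
| evolution-data-server | RHEL 7 | 0:3.28.5-4.el7 | fixed |
| evolution-data-server | RHEL 8 | 0:3.28.5-11.el8 | fixed |
| evolution-data-server-devel | RHEL 7 | 0:3.28.5-4.el7 | fixed |
| evolution-data-server-devel | RHEL 8 | 0:3.28.5-11.el8 | fixed |
| evolution-data-server-doc | RHEL 7 | 0:3.28.5-4.el7 | fixed |
| evolution-data-server-doc | RHEL 8 | 0:3.28.5-11.el8 | fixed |
| evolution-data-server-langpacks | RHEL 7 | 0:3.28.5-4.el7 | fixed |
| evolution-data-server-langpacks | RHEL 8 | 0:3.28.5-11.el8 | fixed |
| evolution-data-server-perl | RHEL 7 | 0:3.28.5-4.el7 | fixed |
| evolution-data-server-perl | RHEL 8 | 0:3.28.5-11.el8 | fixed |
| evolution-data-server-tests | RHEL 7 | 0:3.28.5-4.el7 | fixed |
| evolution-data-server-tests | RHEL 8 | 0:3.28.5-11.el8 | fixed |
| evolution-devel | RHEL 7 | 0:3.28.5-8.el7 | fixed |
| evolution-devel | RHEL 8 | 0:3.28.5-9.el8 | fixed |
| evolution-devel-docs | RHEL 7 | 0:3.28.5-8.el7 | fixed |
| evolution-ews | RHEL 7 | 0:3.28.5-5.el7 | fixed |
| evolution-ews | RHEL 8 | 0:3.28.5-5.el8 | fixed |
| evolution-ews-langpacks | RHEL 7 | 0:3.28.5-5.el7 | fixed |
| evolution-ews-langpacks | RHEL 8 | 0:3.28.5-5.el8 | fixed |
| evolution-help | RHEL 7 | 0:3.28.5-8.el7 | fixed |
| evolution-help | RHEL 8 | 0:3.28.5-9.el8 | fixed |
| evolution-langpacks | RHEL 7 | 0:3.28.5-8.el7 | fixed |
| evolution-langpacks | RHEL 8 | 0:3.28.5-9.el8 | fixed |
| evolution-pst | RHEL 7 | 0:3.28.5-8.el7 | fixed |
| evolution-pst | RHEL 8 | 0:3.28.5-9.el8 | fixed |
| evolution-spamassassin | RHEL 7 | 0:3.28.5-8.el7 | fixed |
| evolution-spamassassin | RHEL 8 | 0:3.28.5-9.el8 | fixed |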