CVE-2018-15587

Published: 11/02/2019 Updated: 10/06/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

GNOME Evolution up to and including 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

Affected Products

Vendor    Product         Versions
Gnome     Evolution       3.28.2
Debian    Debian Linux    8.0

Vendor Advisories

Evolution Data Server would sometimes display email content as encrypted when it was not ...
Debian Bug report logs - #924616 CVE-2018-15587: Signature Spoofing in PGP encrypted email. Package: src:evolution; Maintainer for src:evolution is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Thu, 14 Mar 2019 22:21:02 UTC Severity: gr ...
Hanno Böck discovered that Evolution was vulnerable to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the security bar with encryption and signature information above the message headers. For the stable distribution (stretch), this problem has been fixed in version 3 ...
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment ...
Arch Linux Security Advisory ASA-201904-3. Severity: High. Date: 2019-04-02. CVE-ID: CVE-2018-15587. Package: evolution. Type: content spoofing. Remote: Yes. Link: security.archlinux.org/AVG-889. Summary: The package evolution before version 3.32.0-1 is vulnerable to content spoof ...
Arch Linux Security Advisory ASA-201903-17. Severity: High. Date: 2019-03-28. CVE-ID: CVE-2018-15587. Package: evolution. Type: content spoofing. Remote: Yes. Link: security.archlinux.org/AVG-889. Summary: The package evolution before version 3.32.0-1 is vulnerable to content spo ...

Mailing Lists

Debian Security Advisory DSA-4457-1, security@debian.org, www.debian.org/security/, Sebastien Delafond, June 07, 2019, www.debian.org/security/faq ...
In the scope of academic research at Ruhr-University Bochum and Münster University of Applied Sciences, Germany, various vulnerabilities regarding the signature verification logic in OpenPGP and S/MIME capable email clients have been discovered. While neither OpenPGP nor S/MIME are directly affected, email client implementations show a poor perfo ...
We demonstrate how an attacker can spoof email signatures in 70% of the tested clients, including Thunderbird, Outlook with GpgOL, KMail, Evolution, Trojitá, Apple Mail with GPGTools, Airmail, K-9 Mail, Roundcube and Mailpile. Title: "Johnny, you are fired! – Spoofing OpenPGP and S/MIME Signatures in Emails" To appear at USENIX Security '19 J ...