Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2020-11879

Published: 17/04/2020 Updated: 04/09/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Evolution

Vulnerability Summary

An issue exists in GNOME Evolution prior to 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnome evolution

Recent Articles

Pretty wild that a malicious mailto: link might attach your secret keys and files from your PC to an outgoing message
The Register • Thomas Claburn in San Francisco • 19 Aug 2020

Some OpenPGP, S/MIME-capable email clients vulnerable to attack Open-source 64-ish-bit serial number gen snafu sparks TLS security cert revoke runaround

Boffins testing the security of OpenPGP and S/MIME, two end-to-end encryption schemes for email, recently found multiple vulnerabilities in the way email client software deals with certificates and key exchange mechanisms. They found that five out of 18 OpenPGP-capable email clients and six out of 18 S/MIME-capable clients are vulnerable to at least one attack. These flaws are not due to cryptographic weaknesses. Rather they arise from the complexity of email infrastructure, based on dozens of s...

Read more...
Pretty wild that a malicious mailto: link might attach your secret keys and files from your PC to an outgoing message
The Register • Thomas Claburn in San Francisco • 19 Aug 2020

Some OpenPGP, S/MIME-capable email clients vulnerable to attack Open-source 64-ish-bit serial number gen snafu sparks TLS security cert revoke runaround

Boffins testing the security of OpenPGP and S/MIME, two end-to-end encryption schemes for email, recently found multiple vulnerabilities in the way email client software deals with certificates and key exchange mechanisms. They found that five out of 18 OpenPGP-capable email clients and six out of 18 S/MIME-capable clients are vulnerable to at least one attack. These flaws are not due to cryptographic weaknesses. Rather they arise from the complexity of email infrastructure, based on dozens of s...

Read more...

References

NVD-CWE-Otherhttps://gitlab.gnome.org/GNOME/evolution/issues/784https://gitlab.gnome.org/GNOME/evolution/-/blob/master/NEWShttps://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdfhttps://nvd.nist.govhttps://www.theregister.co.uk/2020/08/19/openpgp_smime_email_client_mailto_flaws/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook