Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-4166
HistoryJul 26, 2013 - 12:00 a.m.

CVE-2013-4166

2013-07-2600:00:00
ubuntu.com
ubuntu.com
12

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

72.9%

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME
Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier
does not properly select the GPG key to use for email encryption, which
might cause the email to be encrypted with the wrong key and allow remote
attackers to obtain sensitive information.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchevolution-data-server< 3.2.3-0ubuntu7.1UNKNOWN
ubuntu12.10noarchevolution-data-server< 3.6.2-0ubuntu0.2UNKNOWN
ubuntu13.04noarchevolution-data-server< 3.6.4-0ubuntu1.1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

72.9%