evolution is vulnerable to arbitrary file read attacks. The vulnerability exists as GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
CPE | Name | Operator | Version |
---|---|---|---|
evolution | eq | 2.28.3__10.el6 | |
evolution | eq | 2.28.3__24.el6 | |
evolution | eq | 2.28.3__10.el6 | |
evolution | eq | 2.28.3__24.el6 |
rhn.redhat.com/errata/RHSA-2013-0516.html
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
access.redhat.com/errata/RHSA-2013:0516
access.redhat.com/security/cve/CVE-2011-3201
access.redhat.com/security/updates/classification/#low
bugzilla.gnome.org/show_bug.cgi?id=657374
bugzilla.redhat.com/show_bug.cgi?id=733504
bugzilla.redhat.com/show_bug.cgi?id=805239
bugzilla.redhat.com/show_bug.cgi?id=890642
exchange.xforce.ibmcloud.com/vulnerabilities/82450
git.gnome.org/browse/evolution/commit/?id=0a478083fa31aec0059bc6feacc054226fe55b56
git.gnome.org/browse/evolution/commit/?id=588c410718068388f8ce0004a71c104a4c89cce3
rhn.redhat.com/errata/RHSA-2013-0516.html