Lucene search

Veracode Vulnerability DatabaseVERACODE:11142

HistoryJan 15, 2019 - 8:57 a.m.

Arbitrary File Read

2019-01-1508:57:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.005 Low

EPSS

Percentile

76.3%

JSON

evolution is vulnerable to arbitrary file read attacks. The vulnerability exists as GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

CPENameOperatorVersion
evolutioneq2.28.3__10.el6
evolutioneq2.28.3__24.el6
evolutioneq2.28.3__10.el6
evolutioneq2.28.3__24.el6

Name	Operator	Version
evolution	eq	2.28.3__10.el6
evolution	eq	2.28.3__24.el6
evolution	eq	2.28.3__10.el6
evolution	eq	2.28.3__24.el6

References

rhn.redhat.com/errata/RHSA-2013-0516.html

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

access.redhat.com/errata/RHSA-2013:0516

access.redhat.com/security/cve/CVE-2011-3201

access.redhat.com/security/updates/classification/#low

bugzilla.gnome.org/show_bug.cgi?id=657374

bugzilla.redhat.com/show_bug.cgi?id=733504

bugzilla.redhat.com/show_bug.cgi?id=805239

bugzilla.redhat.com/show_bug.cgi?id=890642

exchange.xforce.ibmcloud.com/vulnerabilities/82450

git.gnome.org/browse/evolution/commit/?id=0a478083fa31aec0059bc6feacc054226fe55b56

git.gnome.org/browse/evolution/commit/?id=588c410718068388f8ce0004a71c104a4c89cce3