Main Vulnerability Database SB2019040249

SB2019040249 - Fedora 29 update for evolution-data-server, evolution-ews

Published: April 2, 2019 Updated: April 24, 2025

Security Bulletin ID SB2019040249

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Certificate Validation (CVE-ID: CVE-2019-3890)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2019-3a2cc6a0b9

SB2019040249 - Fedora 29 update for evolution-data-server, evolution-ews

Breakdown by Severity

Description

Remediation

References

Please verify you're human