GNOME evolution-ews SSL Certificate Validation Information Disclosure Vulnerability

By GIXnews


A vulnerability in GNOME evolution-ews could allow an unauthenticated, remote attacker to access sensitive information or bypass security restrictions on a targeted system.

The vulnerability exists because the affected software does not properly validate SSL certificates. An attacker could exploit this vulnerability by persuading a user to connect to a malicious server. A successful exploit could be used to conduct further attacks.

GNOME has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-3890

Source:: Cisco Multivendor Vulnerability Alerts