CVE-2020-11879
First published: Fri Apr 17 2020(Updated: )
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME Evolution | <3.35.91 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in GNOME Evolution?
The vulnerability ID for this issue in GNOME Evolution is CVE-2020-11879.
What is the severity of CVE-2020-11879?
The severity of CVE-2020-11879 is medium with a severity value of 6.5.
What is the affected version of GNOME Evolution?
The affected version of GNOME Evolution is any version up to and excluding 3.35.91.
How can a website exploit CVE-2020-11879?
A website can exploit CVE-2020-11879 by using the proprietary 'mailto?attach=...' parameter to make Evolution attach local files or directories to a composed email message without showing a warning to the user.
Is there any fix or patch available for CVE-2020-11879?
Yes, the fix for CVE-2020-11879 is available in GNOME Evolution version 3.35.91 and later.
- collector/nvd-index
- agent/type
- agent/tags
- agent/event
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/gnome
- canonical/gnome evolution