CVE-2019-3890 – evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts

https://notcve.org/view.php?id=CVE-2019-3890

01 Aug 2019 — It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. Se detectó que evolution-ews anterior a versión 3.31.3, no comprueba la validez de los certificados SSL. Un atacante podría abusar de este fallo para conseguir información confidencial mediante el engaño del usuario para que se conecte a un servidor falso... • https://access.redhat.com/errata/RHSA-2019:3699 • CWE-295: Improper Certificate Validation CWE-296: Improper Following of a Certificate's Chain of Trust •