CVE-2019-3890 – evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts

https://notcve.org/view.php?id=CVE-2019-3890

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. Se detectó que evolution-ews anterior a versión 3.31.3, no comprueba la validez de los certificados SSL. Un atacante podría abusar de este fallo para conseguir información confidencial mediante el engaño del usuario para que se conecte a un servidor falso sin que el usuario note la diferencia. It was discovered evolution-ews does not check the validity of SSL certificates. • https://access.redhat.com/errata/RHSA-2019:3699 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890 https://gitlab.gnome.org/GNOME/evolution-ews/issues/27 https://access.redhat.com/security/cve/CVE-2019-3890 https://bugzilla.redhat.com/show_bug.cgi?id=1678313 • CWE-295: Improper Certificate Validation CWE-296: Improper Following of a Certificate's Chain of Trust •