CVE-2020-11879
 
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.
Se descubrió un problema en GNOME Evolution anterior a la versión 3.35.91. Al utilizar el parámetro "mailto Attach = ..." patentado (no RFC6068), un sitio web (u otra fuente de enlaces mailto) puede hacer que Evolution adjunte archivos o directorios locales a un mensaje de correo electrónico compuesto sin mostrar una advertencia al usuario , como lo demuestra un adjunto =. valor..
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-04-17 CVE Reserved
- 2020-04-17 CVE Published
- 2024-02-20 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://gitlab.gnome.org/GNOME/evolution/-/blob/master/NEWS | Third Party Advisory | |
https://gitlab.gnome.org/GNOME/evolution/issues/784 | Third Party Advisory | |
https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|