CVE-2021-3349
Severity Score
3.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior
** EN DISPUTA ** GNOME Evolution versiones hasta 3.38.3, produce un mensaje "Valid signature" para un identificador desconocido en una clave previamente confiable porque Evolution no recupera suficiente informaciĆ³n de la API de GnuPG. NOTA: terceros disputan la importancia de este problema y disputan si Evolution es el mejor lugar para cambiar este comportamiento
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-02-01 CVE Reserved
- 2021-02-01 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-345: Insufficient Verification of Data Authenticity
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://dev.gnupg.org/T4735 | Third Party Advisory | |
| https://gitlab.gnome.org/GNOME/evolution/-/issues/299 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|