Description
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
References (7)
Core 7
Core References
Patch, Vendor Advisory x_refsource_confirm
https://git.gnome.org/browse/evolution/commit/?id=0a478083fa31aec0059bc6feacc054226fe55b56
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0516.html
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/82450
Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=733504
Issue Tracking x_refsource_confirm
https://bugzilla.gnome.org/show_bug.cgi?id=657374
Patch, Vendor Advisory x_refsource_confirm
https://git.gnome.org/browse/evolution/commit/?id=588c410718068388f8ce0004a71c104a4c89cce3
Scores
EPSS
0.0082
EPSS Percentile
74.5%
Details
CWE
CWE-200
Status
published
Products (49)
gnome/evolution
1.0.8
gnome/evolution
1.2
gnome/evolution
1.2.1
gnome/evolution
1.2.2
gnome/evolution
1.2.3
gnome/evolution
1.2.4
gnome/evolution
1.4
gnome/evolution
1.4.3
gnome/evolution
1.4.4
gnome/evolution
1.4.5
... and 39 more
Published
Mar 08, 2013
Tracked Since
Feb 18, 2026