CVE-2013-4166
HIGH
GNOME Evolution < 3.8.4 & Evolution Data Server < 3.9.5 - Sensitive Info Exposure via GPG Key
Title source: llm
Description
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
References (5)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5
Patch, Vendor Advisory x_refsource_confirm
https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/oss-sec/2013/q3/191
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=973728
Third Party Advisory x_refsource_confirm
http://rhn.redhat.com/errata/RHSA-2013-1540.html
Scores
CVSS v3: 7.5
EPSS: 0.0100
EPSS Percentile: 77.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (5)
gnome/evolution < 3.8.4
gnome/evolution_data_server < 3.9.5
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
Published: Feb 06, 2020
Tracked Since: Feb 18, 2026