CVE-2018-15587

MEDIUM

Gnome Evolution < 3.28.2 - Signature Verification Bypass

Title source: rule
STIX 2.1

Description

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

References (13)

Core 13
Core References
Exploit, Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.gnome.org/show_bug.cgi?id=796424
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/04/msg00027.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/04/30/4
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Apr/38
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3998-1/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4457
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jun/7

Scores

CVSS v3 6.5
EPSS 0.0092
EPSS Percentile 76.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-347
Status published
Products (2)
debian/debian_linux 8.0
gnome/evolution < 3.28.2
Published Feb 11, 2019
Tracked Since Feb 18, 2026