Information disclosure in Gnome Evolution

CVE-2011-3201

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

Vulnerability class: Information Disclosure

EPSS: 0.027 (83.8th percentile) — read the EPSS interpretation.

Affected products

Gnome Evolution — versions 1.0.8, 1.2, 1.2.1
Oracle Solaris — versions 11.2
Redhat Enterprise_linux_desktop — versions 6.0
Redhat Enterprise_linux_server — versions 6.0
Redhat Enterprise_linux_workstation — versions 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (vdb-entry, x_refsource_XF)
secalert@redhat.com (Patch, x_refsource_MISC, Issue Tracking, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)