What is CVE-2013-4166?

CVE-2013-4166 is a high-severity vulnerability in Gnome Evolution, classified under Information Disclosure. CVSS score: 7.5/10. Published 2020-02-06.

How severe is CVE-2013-4166?

High severity. CVSS v3 base score is 7.5 out of 10.

Information disclosure in Gnome Evolution

CVE-2013-4166

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email…

Vulnerability class: Information Disclosure

EPSS: 0.018 (76.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Gnome Evolution — versions 3.8.4 and earlier
Gnome Evolution Data Server — versions 3.9.5 and earlier
Gnome Evolution_data_server
Redhat Enterprise_linux_desktop — versions 6.0
Redhat Enterprise_linux_server — versions 6.0
Redhat Enterprise_linux_workstation — versions 6.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (Mailing List, Third Party Advisory, x_refsource_MISC)
secalert@redhat.com (Third Party Advisory, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)

Frequently asked questions

What is CVE-2013-4166?: CVE-2013-4166 is a high-severity vulnerability in Gnome Evolution, classified under Information Disclosure. CVSS score: 7.5/10. Published 2020-02-06.
How severe is CVE-2013-4166?: High severity. CVSS v3 base score is 7.5 out of 10.