CVE-2020-11879 - Unspecified vulnerability in Gnome Evolution
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE
Summary
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.
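A defensive filter for the behaviour described in the summary, as an added example that is not part of the original advisory or of Evolution's code: it allowlists mailto header fields and strips and reports the non-RFC 6068 `attach` parameter before a link is handed to a mail client. The function name `audit_mailto`, the allowlist contents and the sample URIs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumption: header fields this filter lets through to the mail client.
SAFE_HFIELDS = frozenset({"to", "cc", "bcc", "subject", "body", "in-reply-to"})
# Parameter named in the CVE summary; it asks the client to attach a local path.
ATTACH_PARAMS = frozenset({"attach"})


def audit_mailto(uri):
    """Return (sanitized_uri, findings) for a mailto URI.

    findings is a list of (kind, field_name, decoded_value) tuples for every
    header field that was removed from the link.
    """
    parts = urlsplit(uri.strip())
    if parts.scheme != "mailto":
        raise ValueError("not a mailto URI")

    kept, findings = [], []
    for raw in filter(None, parts.query.split("&")):
        name, _, value = raw.partition("=")
        # Decode and lowercase the name so %61ttach or ATTACH cannot slip past.
        key = unquote(name).strip().lower()
        if key in SAFE_HFIELDS:
            kept.append(raw)  # keep the original encoding of allowed fields
        elif key in ATTACH_PARAMS:
            findings.append(("attachment-request", key, unquote(value)))
        else:
            findings.append(("unknown-hfield", key, unquote(value)))

    clean = "mailto:" + parts.path + ("?" + "&".join(kept) if kept else "")
    return clean, findings


if __name__ == "__main__":
    # Constructed sample links, not taken from the advisory.
    samples = [
        "mailto:user@example.org?subject=Hello&body=Hi",
        "mailto:user@example.org?subject=Hello&attach=.",
        "mailto:user@example.org?%41TTACH=.&X-Foo=1",
    ]
    for s in samples:
        clean, findings = audit_mailto(s)
        print(clean, findings)
```

Any non-empty findings list is worth logging, since a link carrying an attachment request has no legitimate reason to appear on a web page.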
References
- https://gitlab.gnome.org/GNOME/evolution/-/blob/master/NEWS
- https://gitlab.gnome.org/GNOME/evolution/issues/784
- https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf