CVE-2011-3201

Sažetak

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

Reference

https://git.gnome.org/browse/evolution/commit/?id=588c410718068388f8ce0004a71c104a4c89cce3
https://git.gnome.org/browse/evolution/commit/?id=0a478083fa31aec0059bc6feacc054226fe55b56
https://bugzilla.gnome.org/show_bug.cgi?id=657374
https://bugzilla.redhat.com/show_bug.cgi?id=733504
http://rhn.redhat.com/errata/RHSA-2013-0516.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/82450

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-02-2023 - 04:32

Objavljeno

08-03-2013 - 21:55