-
Notifications
You must be signed in to change notification settings - Fork 16
/
CVE-2021-3349.json
152 lines (152 loc) · 4.29 KB
/
CVE-2021-3349.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
{
"id": "CVE-2021-3349",
"sourceIdentifier": "[email protected]",
"published": "2021-02-01T05:15:11.880",
"lastModified": "2024-11-21T06:21:21.493",
"vulnStatus": "Modified",
"cveTags": [
{
"sourceIdentifier": "[email protected]",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNOME Evolution through 3.38.3 produces a \"Valid signature\" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior"
},
{
"lang": "es",
"value": "** EN DISPUTA ** GNOME Evolution versiones hasta 3.38.3, produce un mensaje \"Valid signature\" para un identificador desconocido en una clave previamente confiable porque Evolution no recupera suficiente informaci\u00f3n de la API de GnuPG. NOTA: terceros disputan la importancia de este problema y disputan si Evolution es el mejor lugar para cambiar este comportamiento"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"baseScore": 2.1,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.38.3",
"matchCriteriaId": "50CECDB2-1979-42E6-AA09-EE275F573202"
}
]
}
]
}
],
"references": [
{
"url": "https://dev.gnupg.org/T4735",
"source": "[email protected]",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299",
"source": "[email protected]",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html",
"source": "[email protected]",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://dev.gnupg.org/T4735",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}