{"containers": {"cna": {"affected": [{"product": "Evolution", "vendor": "GNOME", "versions": [{"status": "affected", "version": "3.8.4 and earlier"}]}, {"product": "Evolution Data Server", "vendor": "GNOME", "versions": [{"status": "affected", "version": "3.9.5 and earlier"}]}], "datePublic": "2013-07-20T00:00:00", "descriptions": [{"lang": "en", "value": "The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-06T14:29:39", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/oss-sec/2013/q3/191"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973728"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1540.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:38:00.163Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q3/191"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973728"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1540.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4166", "datePublished": "2020-02-06T14:29:39", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:00.163Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5E80647-C781-46B5-99FE-642A201658FF", "versionEndIncluding": "3.8.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:evolution_data_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "24ED9A34-5FEB-43EA-BBE7-4207C0F61E67", "versionEndIncluding": "3.9.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information."}, {"lang": "es", "value": "La funci\u00f3n gpg_ctx_add_recipient en el archivo camel/camel-gpg-context.c en GNOME Evolution versiones 3.8.4 y anteriores y Evolution Data Server versiones 3.9.5 y anteriores, no selecciona apropiadamente la clave GPG que se usa para el cifrado de correo electr\u00f3nico, lo que podr\u00eda causar que el correo electr\u00f3nico sea cifrado con la clave errada y permitir a atacantes remotos obtener informaci\u00f3n confidencial."}], "id": "CVE-2013-4166", "lastModified": "2023-02-13T00:28:34.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-06T15:15:10.310", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1540.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/oss-sec/2013/q3/191"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973728"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "cheese-0:2.28.1-8.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "control-center-1:2.28.1-39.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "ekiga-0:3.2.6-4.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "evolution-0:2.32.3-30.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "evolution-data-server-0:2.32.3-18.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "evolution-exchange-0:2.32.3-16.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "evolution-mapi-0:0.32.2-12.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "gnome-panel-0:2.30.2-15.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "gnome-python2-desktop-0:2.28.0-5.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "gtkhtml3-0:3.32.2-2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libgdata-0:0.6.4-2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nautilus-sendto-0:2.28.2-4.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openchange-0:1.0-6.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "pidgin-0:2.7.9-11.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "planner-0:0.14.4-10.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}, {"advisory": "RHSA-2013:1540", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "totem-0:2.28.6-4.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}], "bugzilla": {"description": "evolution: incorrect selection of recipient gpg public key for encrypted mail", "id": "973728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973728"}, "csaw": false, "cvss": {"cvss_base_score": "1.2", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-697", "details": ["The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information."], "name": "CVE-2013-4166", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "evolution", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-07-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4166\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4166"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}