{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "GNOME Evolution through 3.38.3 produces a \"Valid signature\" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-01T04:04:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299"}, {"tags": ["x_refsource_MISC"], "url": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html"}, {"tags": ["x_refsource_MISC"], "url": "https://dev.gnupg.org/T4735"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3349", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** GNOME Evolution through 3.38.3 produces a \"Valid signature\" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299"}, {"name": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html", "refsource": "MISC", "url": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html"}, {"name": "https://dev.gnupg.org/T4735", "refsource": "MISC", "url": "https://dev.gnupg.org/T4735"}]}}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T14:46:55.077398Z", "id": "CVE-2021-3349", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T14:47:36.733Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.551Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://dev.gnupg.org/T4735"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3349", "datePublished": "2021-02-01T04:04:19", "dateReserved": "2021-02-01T00:00:00", "dateUpdated": "2024-08-03T16:53:17.551Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://dev.gnupg.org/T4735", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.551Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-3349", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T14:46:55.077398Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T14:47:32.637Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299", "tags": ["x_refsource_MISC"]}, {"url": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html", "tags": ["x_refsource_MISC"]}, {"url": "https://dev.gnupg.org/T4735", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "GNOME Evolution through 3.38.3 produces a \"Valid signature\" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2021-02-01T04:04:19"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299", "name": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299", "refsource": "MISC"}, {"url": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html", "name": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html", "refsource": "MISC"}, {"url": "https://dev.gnupg.org/T4735", "name": "https://dev.gnupg.org/T4735", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** GNOME Evolution through 3.38.3 produces a \"Valid signature\" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-3349", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2021-3349", "state": "PUBLISHED", "dateUpdated": "2024-08-03T16:53:17.551Z", "dateReserved": "2021-02-01T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2021-02-01T04:04:19", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*", "matchCriteriaId": "50CECDB2-1979-42E6-AA09-EE275F573202", "versionEndIncluding": "3.38.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "GNOME Evolution through 3.38.3 produces a \"Valid signature\" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior"}, {"lang": "es", "value": "** EN DISPUTA ** GNOME Evolution versiones hasta 3.38.3, produce un mensaje \"Valid signature\" para un identificador desconocido en una clave previamente confiable porque Evolution no recupera suficiente informaci\u00f3n de la API de GnuPG. NOTA: terceros disputan la importancia de este problema y disputan si Evolution es el mejor lugar para cambiar este comportamiento"}], "id": "CVE-2021-3349", "lastModified": "2024-08-03T17:15:42.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-01T05:15:11.880", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://dev.gnupg.org/T4735"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "evolution-data-server: mail is shown as having a valid signature from an unknown identifier on a previously trusted key", "id": "1923113", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923113"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-345", "details": ["GNOME Evolution through 3.38.3 produces a \"Valid signature\" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior"], "name": "CVE-2021-3349", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "evolution-data-server", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "evolution-data-server", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "evolution-data-server", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "evolution-data-server", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-02-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3349\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3349"], "threat_severity": "Low", "upstream_fix": "evolution-data-server-3.40.4 evolution-3.40.4"}