{"id":"CVE-2019-3890","details":"It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.","modified":"2026-04-11T12:14:44.827825Z","published":"2019-08-01T14:15:13.253Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"7.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3699"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890"},{"type":"REPORT","url":"https://gitlab.gnome.org/GNOME/evolution-ews/issues/27"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/evolution-ews","events":[{"introduced":"0"},{"fixed":"d3be1f2326b51808bd0ec1ea671069c6635f68f0"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"3.31.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:gnome:evolution-ews:*:*:*:*:*:*:*:*"}}],"versions":["3.27.4","3.27.90","3.27.91","3.27.92","3.28.0","3.29.1","3.29.2","3.29.3","3.29.4","3.29.90","3.29.91","3.29.92","3.30.0","3.31.1","3.31.2","ALPHA","EVOLUTION_EWS_3_10_0","EVOLUTION_EWS_3_11_1","EVOLUTION_EWS_3_11_2","EVOLUTION_EWS_3_11_3","EVOLUTION_EWS_3_11_4","EVOLUTION_EWS_3_11_5","EVOLUTION_EWS_3_11_90","EVOLUTION_EWS_3_11_91","EVOLUTION_EWS_3_11_92","EVOLUTION_EWS_3_12_0","EVOLUTION_EWS_3_13_1","EVOLUTION_EWS_3_13_10","EVOLUTION_EWS_3_13_2","EVOLUTION_EWS_3_13_3","EVOLUTION_EWS_3_13_4","EVOLUTION_EWS_3_13_5","EVOLUTION_EWS_3_13_6","EVOLUTION_EWS_3_13_7","EVOLUTION_EWS_3_13_8","EVOLUTION_EWS_3_13_9","EVOLUTION_EWS_3_13_90","EVOLUTION_EWS_3_15_91","EVOLUTION_EWS_3_15_92","EVOLUTION_EWS_3_16_0","EVOLUTION_EWS_3_17_1","EVOLUTION_EWS_3_17_2","EVOLUTION_EWS_3_17_3","EVOLUTION_EWS_3_17_4","EVOLUTION_EWS_3_17_90","EVOLUTION_EWS_3_17_91","EVOLUTION_EWS_3_17_92","EVOLUTION_EWS_3_18_0","EVOLUTION_EWS_3_19_1","EVOLUTION_EWS_3_19_2","EVOLUTION_EWS_3_19_3","EVOLUTION_EWS_3_19_4","EVOLUTION_EWS_3_19_90","EVOLUTION_EWS_3_19_91","EVOLUTION_EWS_3_19_92","EVOLUTION_EWS_3_20_0","EVOLUTION_EWS_3_21_1","EVOLUTION_EWS_3_21_2","EVOLUTION_EWS_3_21_3","EVOLUTION_EWS_3_21_4","EVOLUTION_EWS_3_21_90","EVOLUTION_EWS_3_21_91","EVOLUTION_EWS_3_21_92","EVOLUTION_EWS_3_22_0","EVOLUTION_EWS_3_23_1","EVOLUTION_EWS_3_23_2","EVOLUTION_EWS_3_23_3","EVOLUTION_EWS_3_23_4","EVOLUTION_EWS_3_23_90","EVOLUTION_EWS_3_23_91","EVOLUTION_EWS_3_23_92","EVOLUTION_EWS_3_24_0","EVOLUTION_EWS_3_25_1","EVOLUTION_EWS_3_25_2","EVOLUTION_EWS_3_25_3","EVOLUTION_EWS_3_25_4","EVOLUTION_EWS_3_25_90","EVOLUTION_EWS_3_25_91","EVOLUTION_EWS_3_25_92","EVOLUTION_EWS_3_25_92_1","EVOLUTION_EWS_3_25_92_2","EVOLUTION_EWS_3_26_0","EVOLUTION_EWS_3_27_1","EVOLUTION_EWS_3_27_2","EVOLUTION_EWS_3_27_3","EVOLUTION_EWS_3_3_1","EVOLUTION_EWS_3_3_2","EVOLUTION_EWS_3_3_3","EVOLUTION_EWS_3_3_4","EVOLUTION_EWS_3_3_5","EVOLUTION_EWS_3_3_90","EVOLUTION_EWS_3_3_91","EVOLUTION_EWS_3_3_92","EVOLUTION_EWS_3_4_0","EVOLUTION_EWS_3_5_1","EVOLUTION_EWS_3_5_2","EVOLUTION_EWS_3_5_3_FIXED","EVOLUTION_EWS_3_5_4","EVOLUTION_EWS_3_5_5","EVOLUTION_EWS_3_5_90","EVOLUTION_EWS_3_5_91","EVOLUTION_EWS_3_5_92","EVOLUTION_EWS_3_7_1","EVOLUTION_EWS_3_7_2","EVOLUTION_EWS_3_7_3","EVOLUTION_EWS_3_7_4","EVOLUTION_EWS_3_7_5","EVOLUTION_EWS_3_7_90","EVOLUTION_EWS_3_7_91","EVOLUTION_EWS_3_7_92","EVOLUTION_EWS_3_9_1","EVOLUTION_EWS_3_9_2","EVOLUTION_EWS_3_9_3","EVOLUTION_EWS_3_9_4","EVOLUTION_EWS_3_9_5","EVOLUTION_EWS_3_9_90","EVOLUTION_EWS_3_9_91","EVOLUTION_EWS_3_9_92"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3890.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}