CVE-2021-3349

{"id": "CVE-2021-3349", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2021-02-01T05:15:11.880", "references": [{"url": "https://dev.gnupg.org/T4735", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.gnome.org/GNOME/evolution/-/issues/299", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "GNOME Evolution through 3.38.3 produces a \"Valid signature\" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior"}, {"lang": "es", "value": "** EN DISPUTA ** GNOME Evolution versiones hasta 3.38.3, produce un mensaje \"Valid signature\" para un identificador desconocido en una clave previamente confiable porque Evolution no recupera suficiente informaci\u00f3n de la API de GnuPG. NOTA: terceros disputan la importancia de este problema y disputan si Evolution es el mejor lugar para cambiar este comportamiento"}], "lastModified": "2024-04-11T01:12:43.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50CECDB2-1979-42E6-AA09-EE275F573202", "versionEndIncluding": "3.38.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}