CVE-2019-8338 in Airmailالمعلومات

الملخص

بحسب MITRE

The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. Also, it does not verify the validity of the signing key, which allows remote attackers to spoof arbitrary email signatures by crafting a key with a fake user ID (email address) and injecting it into the user's keyring.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

15/02/2019

الاعتدال

تمت الموافقة

إدخال

VDB-135166

CPE

جاهز

CWE

CWE-347 (مؤكد)

CVSS

5.9 (NVD)

EPSS

0.00331

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-8338
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-8338
CVE Details	https://www.cvedetails.com/cve/CVE-2019-8338/

التالي ▸نظرة عامة ◂ السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!