Certificate Validation Vulnerability in Mutt Email Client
CVE-2020-14154

4.8 MEDIUM

Key Information:

Vendor: Mutt

Status
Vendor
CVE Published: 15 June 2020

What is CVE-2020-14154?

The Mutt email client prior to version 1.14.3 proceeds with a connection even if the user rejects an expired intermediate certificate presented in a GnuTLS prompt. Because the user's decision to reject the expired certificate is not honored, communication continues under potentially compromised conditions, which can expose users to security risks.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
