Email header validation vulnerability risk
CVE-2024-49393
7.4HIGH
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Vendor
- CVE Published:
- 12 November 2024
Summary
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.
CVSS V3.1
Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 7.4 - (HIGH)
Vulnerability published.
Reported to Red Hat.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database