CVE-2024-49393

MEDIUM(6.5)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Risk Signal Score16/100 — NIEDRIG

CVSS 6.5 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.5

Technische Schwere

Beschreibung

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.

Referenzen

https://access.redhat.com/security/cve/CVE-2024-49393
https://bugzilla.redhat.com/show_bug.cgi?id=2325317
https://github.com/neomutt/neomutt/issues/4223
https://github.com/neomutt/neomutt/pull/4221
https://github.com/neomutt/neomutt/pull/4227