exploitDog

CVE-2018-20954

Опубликовано: 08 авг. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.

Ссылки

https://github.com/mailpile/Mailpile/commit/49b64f62ade9ade3dff9337c7bbc1171eab3d59e
Patch
Third Party Advisory
https://github.com/mailpile/Mailpile/compare/1.0.0rc3...1.0.0rc4
Third Party Advisory
https://github.com/mailpile/Mailpile/pull/2145
Third Party Advisory
https://github.com/mailpile/Mailpile/commit/49b64f62ade9ade3dff9337c7bbc1171eab3d59e
Patch
Third Party Advisory
https://github.com/mailpile/Mailpile/compare/1.0.0rc3...1.0.0rc4
Third Party Advisory
https://github.com/mailpile/Mailpile/pull/2145
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mailpile:mailpile:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:mailpile:mailpile:0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mailpile:mailpile:0.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mailpile:mailpile:1.0.0:rc0:*:*:*:*:*:*

cpe:2.3:a:mailpile:mailpile:1.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:mailpile:mailpile:1.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mailpile:mailpile:1.0.0:rc3:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00214

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-rfvw-9494-24h7

CVSS3: 7.5

github

больше 3 лет назад

The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.

EPSS

Процентиль: 44%

0.00214

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287