Description
Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on a web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported.
References
- Release Notes, Third Party Advisory
- Release Notes, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 3.3.0 (exclusive)
cpe:2.3:a:mailvelope:mailvelope:*:*:*:*:*:*:*:*
EPSS: 0.00283 (Low), percentile: 51%
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-320
Related vulnerabilities
CVSS3: 5.3
github
more than 3 years ago
Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on a web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported.