exploitDog

CVE-2023-32290

Опубликовано: 07 мая 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.

Ссылки

https://apps.apple.com/fm/app/mymail-email-app-for-gmail/id722120997
Product
https://mailbox.org/en/post/mailbox-org-discovers-unencrypted-password-transmission-in-mymail
Vendor Advisory
https://news.ycombinator.com/item?id=35845308
Issue Tracking
https://apps.apple.com/fm/app/mymail-email-app-for-gmail/id722120997
Product
https://mailbox.org/en/post/mailbox-org-discovers-unencrypted-password-transmission-in-mymail
Vendor Advisory
https://news.ycombinator.com/item?id=35845308
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vk.company:mymail:*:*:*:*:*:iphone_os:*:*

Версия до 14.30 (включая)

EPSS

Процентиль: 32%

0.00122

Низкий

7.5 High

CVSS3

Дефекты

CWE-311

CWE-319

Связанные уязвимости

GHSA-3j54-7gqc-xjwp

CVSS3: 7.5

github

почти 3 года назад

The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.

EPSS

Процентиль: 32%

0.00122

Низкий

7.5 High

CVSS3

Дефекты

CWE-311

CWE-319