CVE-2020-15646

Published: 30 Jun 2020
Source: redhat
CVSS3: 5.9
EPSS: Low

Description

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | thunderbird | Out of support scope | | |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2020:2966 | 16.07.2020 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2020:2906 | 14.07.2020 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2020:3038 | 21.07.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2020:3046 | 21.07.2020 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | thunderbird | Fixed | RHSA-2020:2907 | 14.07.2020 |

Additional information

Status: Important
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1854036 Mozilla: Automatic account setup leaks Microsoft Exchange login credentials

EPSS

Percentile: 48%
0.00254
Low

5.9 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.9
ubuntu
more than 5 years ago

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.

CVSS3: 5.9
nvd
more than 5 years ago

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.

CVSS3: 5.9
debian
more than 5 years ago

If an attacker intercepts Thunderbird's initial attempt to perform aut ...

github
more than 3 years ago

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.
