Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-38502

Опубликовано: 03 нояб. 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 5.9

Описание

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

РелизСтатусПримечание
bionic

released

1:91.5.0+build1-0ubuntu0.18.04.1
devel

released

1:91.3.1+build1-0ubuntu1
esm-infra/focal

DNE

focal

released

1:91.5.0+build1-0ubuntu0.20.04.1
hirsute

ignored

end of life
impish

released

1:91.3.1+build1-0ubuntu0.21.10.1
jammy

released

1:91.3.1+build1-0ubuntu1
kinetic

released

1:91.3.1+build1-0ubuntu1
lunar

released

1:91.3.1+build1-0ubuntu1
trusty

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 63%
0.00461
Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-38502

CVSS3: 7.5
redhat
почти 4 года назад

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

nvd логотип

CVE-2021-38502

CVSS3: 5.9
nvd
почти 4 года назад

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

debian логотип

CVE-2021-38502

CVSS3: 5.9
debian
почти 4 года назад

Thunderbird ignored the configuration to require STARTTLS security for ...

rocky логотип

RLSA-2021:3838

rocky
почти 4 года назад

Important: thunderbird security update

github логотип

GHSA-wf24-4m95-7wjm

CVSS3: 5.9
github
около 3 лет назад

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

EPSS

Процентиль: 63%
0.00461
Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3