Vulnerability CVE-2019-8337


Published: 2019-02-13   Modified: 2019-02-14

Description:
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.

Type:

CWE-295

(Certificate Issues)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Marlam -> Msmtp 
Marlam -> MPOP 

 References:
https://gitlab.marlam.de/marlam/mpop/commit/b51a6c6b8b83bf0913cc52fa2ff64307e987a5b8
https://marlam.de/mpop/news/mpop-1-4-3/
https://marlam.de/msmtp/news/

Copyright 2024, cxsecurity.com

 

Back to Top