In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
History

Thu, 14 Nov 2024 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Mutt
Mutt mutt
Neomutt
Neomutt neomutt
CPEs cpe:2.3:a:mutt:mutt:-:*:*:*:*:*:*:*
cpe:2.3:a:neomutt:neomutt:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Mutt
Mutt mutt
Neomutt
Neomutt neomutt

Tue, 12 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
Title mutt: neomutt: In-Reply-To email header field it not protected by cryptograpic signing Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

Tue, 12 Nov 2024 01:45:00 +0000

Type Values Removed Values Added
Description In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
Title mutt: neomutt: In-Reply-To email header field it not protected by cryptograpic signing
Weaknesses CWE-347
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

threat_severity

Low


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-11-12T02:07:19.551Z

Updated: 2024-11-15T21:17:38.087Z

Reserved: 2024-10-14T17:56:03.767Z

Link: CVE-2024-49394

cve-icon Vulnrichment

Updated: 2024-11-12T14:25:10.403Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-12T03:15:03.677

Modified: 2024-11-14T13:38:04.143

Link: CVE-2024-49394

cve-icon Redhat

Severity : Low

Publid Date: 2024-11-11T00:00:00Z

Links: CVE-2024-49394 - Bugzilla