In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
History

Tue, 12 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
Title mutt: neomutt: In-Reply-To email header field it not protected by cryptograpic signing Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

Tue, 12 Nov 2024 01:45:00 +0000

Type Values Removed Values Added
Description In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
Title mutt: neomutt: In-Reply-To email header field it not protected by cryptograpic signing
Weaknesses CWE-347
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

threat_severity

Low


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-11-12T02:07:19.551Z

Updated: 2024-11-12T14:25:14.390Z

Reserved: 2024-10-14T17:56:03.767Z

Link: CVE-2024-49394

cve-icon Vulnrichment

Updated: 2024-11-12T14:25:10.403Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-12T03:15:03.677

Modified: 2024-11-12T13:55:21.227

Link: CVE-2024-49394

cve-icon Redhat

Severity : Low

Publid Date: 2024-11-11T00:00:00Z

Links: CVE-2024-49394 - Bugzilla