CVE-2019-14664

{"id": "CVE-2019-14664", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-08-05T20:15:11.250", "references": [{"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVNTEF3WSOOQYKMIPEH7F77UPXES5BU5/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYWBJHSBBLAHKMRWDWH2XXQDYAGDHB5I/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GHC5WDQ47FQSL5CTGQUYIHVC3RNZ7UH5/", "source": "cve@mitre.org"}, {"url": "https://sourceforge.net/p/enigmail/bugs/984/", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.enigmail.net/index.php/en/download/changelog", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVNTEF3WSOOQYKMIPEH7F77UPXES5BU5/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYWBJHSBBLAHKMRWDWH2XXQDYAGDHB5I/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GHC5WDQ47FQSL5CTGQUYIHVC3RNZ7UH5/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sourceforge.net/p/enigmail/bugs/984/", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.enigmail.net/index.php/en/download/changelog", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the \"EFAIL\" attacks."}, {"lang": "es", "value": "En Enigmail anterior a versi\u00f3n 2.1, un atacante en posesi\u00f3n de correos electr\u00f3nicos cifrados con PGP puede empaquetados como sub-partes dentro de un correo electr\u00f3nico multiparte dise\u00f1ado. La(s) parte(s) encriptada(s) puede ocultarse a\u00fan m\u00e1s usando caracteres HTML/CSS o de nueva l\u00ednea ASCII. El atacante puede reenviar este correo electr\u00f3nico multiparte modificado al receptor deseado. Si el receptor responde a este correo electr\u00f3nico (de aspecto benigno), sin saberlo, filtra el texto plano de la(s) parte(s) del mensaje cifrado para el atacante. Esta variante de ataque omite los mecanismos de protecci\u00f3n implementados despu\u00e9s de los ataques de tipo \"EFAIL\"."}], "lastModified": "2024-11-21T04:27:05.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:enigmail:enigmail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8173C8A-59C0-4F74-826B-AA18C869D3BA", "versionEndExcluding": "2.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}