Lucene search
RedhatCVELIST:CVE-2022-4055HistoryNov 18, 2022 - 12:00 a.m.
CVE-2022-4055
2022-11-1800:00:00
CWE-146
redhat
www.cve.org
1
xdg-mail
thunderbird
mailto urls
rfc 2368
file attachment
cve-2022-4055
0.001 Low
EPSS
Percentile
32.1%
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
CNA Affected
[
{
"vendor": "n/a",
"product": "xdg-utils",
"versions": [
{
"version": "xdg-utils 1.1.0 to and including 1.1.3",
"status": "affected"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2022-11-19 00:15:00
alpinelinux
alpinelinux
CVE-2022-4055
2022-11-19 00:15:00
debiancve
debiancve
CVE-2022-4055
2022-11-19 00:15:31
cve
cve
CVE-2022-4055
2022-11-19 00:15:31
cbl_mariner
cbl_mariner
CVE-2022-4055 affecting package xdg-utils 1.1.3-7
2024-07-05 21:08:40
nvd
nvd
CVE-2022-4055
2022-11-19 00:15:31
osv
osv
CVE-2022-4055
2022-11-19 00:15:31
redhatcve
redhatcve
CVE-2022-4055
2022-11-17 21:25:57
nessus
nessus
RHEL 9 : xdg-utils (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 6 : xdg-utils (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 8 : xdg-utils (Unpatched Vulnerability)
2024-06-03 00:00:00
ubuntucve
ubuntucve
CVE-2022-4055
2022-11-19 00:00:00
amazon
amazon
Medium: xdg-utils
2023-03-17 16:35:00