Lucene search

GoogleOSV:CVE-2020-24904

HistoryAug 11, 2023 - 2:15 p.m.

CVE-2020-24904

2023-08-1114:15:10

Google

osv.dev

cve-2020-24904

remote attack

sensitive information

crafted "mailto" link

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.4%

JSON

An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted “mailto” link.

CPENameOperatorVersion
gnome-gmaileqdebian/2.2-2
gnome-gmaileqmaster/2.5.3
gnome-gmaileqmaster/2.1
gnome-gmaileqdebian/1.9.1-1
gnome-gmaileq1.8.1
gnome-gmaileqdebian/2.3.1-2
gnome-gmaileqmaster/2.0.1
gnome-gmaileq1.8
gnome-gmaileqmaster/2.3
gnome-gmaileq1.8.2

Name	Operator	Version
gnome-gmail	eq	debian/2.2-2
gnome-gmail	eq	master/2.5.3
gnome-gmail	eq	master/2.1
gnome-gmail	eq	debian/1.9.1-1
gnome-gmail	eq	1.8.1
gnome-gmail	eq	debian/2.3.1-2
gnome-gmail	eq	master/2.0.1
gnome-gmail	eq	1.8
gnome-gmail	eq	master/2.3
gnome-gmail	eq	1.8.2

Rows per page:

1-10 of 431

References

github.com/davesteele/gnome-gmail/issues/84

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.4%

JSON

Related for OSV:CVE-2020-24904