Lucene search

K

Redhat.comRH:CVE-2023-50762

HistoryDec 20, 2023 - 1:33 p.m.

CVE-2023-50762

2023-12-2013:33:31

redhat.com

access.redhat.com

18

mozilla foundation

pgp

mime

digitally signed

spoofing

email header

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.6%

The Mozilla Foundation Security Advisory: When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message.

References

bugzilla.redhat.com/show_bug.cgi?id=2255379

nvd.nist.gov/vuln/detail/CVE-2023-50762

www.cve.org/CVERecord?id=CVE-2023-50762

www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50762

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.6%

Related for RH:CVE-2023-50762

nvd1 debiancve1 alpinelinux1 veracode1 cvelist1 ubuntucve1 prion1 cve1 osv6 nessus28 debian2 openvas9 oraclelinux3 redhat9 amazon1 mozilla1 almalinux2 rocky1 centos1 slackware1 kaspersky1 ubuntu1 mageia1 gentoo1