ROSA LABROSA-SA-2024-2444Advisory ROSA-SA-2024-2444
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
Software: xdg-utils 1.1.3
OS: ROSA-CHROME
package_evr_string: xdg-utils-1.1.3-5
CVE-ID: CVE-2020-27748
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: When processing URI mailto: xdg-email allows attachments to be discreetly added via URI when transmitted to Thunderbird. An attacker could potentially send the victim a URI that automatically attaches a confidential file to a new email. If the victim user does not notice that an attachment has been added and sends the email, this could lead to the disclosure of sensitive information. It has been confirmed that the code behind this issue is in xdg-email, not Thunderbird.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update xdg-utils
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
Low