Metric | Value |
---|---|
CVSS2 | 6.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.071 Low |
EPSS Percentile | 94.0% |

DISPUTED CenterIM 4.22.3 and earlier allows user-assisted remote
attackers to execute arbitrary commands via shell metacharacters in a URI,
related to “received URLs in the message window.” NOTE: this issue has
been disputed due to the user-assisted nature, since the URL must be
selected and launched by the victim.
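
The class of bug described above (a received URL reaching a shell) is avoided by handing the URL to the handler as a single argument with no shell in between. The following is an added illustration, not CenterIM's code; the function names `url_is_launchable` and `launch_url` and the http/https allow-list are assumptions made for the example.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Weak pattern (described only, not implemented here): formatting
 * "handler <url>" into a string and passing it to system() lets /bin/sh
 * interpret metacharacters in a URL that arrived from a remote contact. */

/* Accept only http/https URLs made of printable, non-space ASCII.
 * The scheme check also guarantees the URL cannot start with '-' and be
 * mistaken for a command-line option by the handler. */
int url_is_launchable(const char *url)
{
    if (url == NULL)
        return 0;
    if (strncmp(url, "http://", 7) != 0 && strncmp(url, "https://", 8) != 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)url; *p; p++)
        if (!isgraph(*p))        /* rejects spaces, control chars, non-ASCII */
            return 0;
    return 1;
}

/* Launch the handler with the URL as one argv element: no shell is
 * involved, so metacharacters in the URL are never interpreted.
 * Returns the handler's exit status, or -1 if rejected or on error. */
int launch_url(const char *handler, const char *url)
{
    if (!url_is_launchable(url))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp(handler, handler, url, (char *)NULL);
        _exit(127);              /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

A URL such as `https://example.com/;x` passes validation and is delivered to the handler literally, because nothing on the path parses it as a command line.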
Author | Note |
---|---|
jdstrand | Per Debian, the victim needs to list the URLs in the message with F2 and press Enter on it. The victim can see the complete URL, including the commands, however, so the impact is really low. |