Nixpkgs Security Tracker

Suggestions search

With package: mutt-with-sidebar

Found 3 matching suggestions

CVE-2024-49394
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
Mutt: neomutt: In-Reply-To email header field is not protected by cryptographic signing

In mutt and neomutt, the In-Reply-To email header field is not protected by cryptographic signing, which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

References

Affected products

mutt

Matching in nixpkgs

pkgs.mutter

Window manager for GNOME

  • nixos-unstable -

pkgs.neomutt

Small but very powerful text-based mail client

pkgs.mutt-ics

Tool to show calendar event details in Mutt

  • nixos-unstable -

pkgs.mutter46

Window manager for GNOME

  • nixos-unstable -

pkgs.mutt-wizard

System for automatically configuring mutt and isync

  • nixos-unstable -

Package maintainers

CVE-2024-49395
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Mutt: neomutt: Bcc email header field is indirectly leaked by cryptographic info block

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode, which may leak the Bcc email header field because it can be inferred from the recipients info.

References

Affected products

mutt

Matching in nixpkgs

pkgs.mutter

Window manager for GNOME

  • nixos-unstable -

pkgs.neomutt

Small but very powerful text-based mail client

pkgs.mutt-ics

Tool to show calendar event details in Mutt

  • nixos-unstable -

pkgs.mutter46

Window manager for GNOME

  • nixos-unstable -

pkgs.mutt-wizard

System for automatically configuring mutt and isync

  • nixos-unstable -

Package maintainers

CVE-2024-49393
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 6 months ago
Mutt: neomutt: To and Cc email header fields are not protected by cryptographic signing

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.

References

Affected products

mutt

Matching in nixpkgs

pkgs.mutter

Window manager for GNOME

  • nixos-unstable -

pkgs.neomutt

Small but very powerful text-based mail client

pkgs.mutt-ics

Tool to show calendar event details in Mutt

  • nixos-unstable -

pkgs.mutter46

Window manager for GNOME

  • nixos-unstable -

pkgs.mutt-wizard

System for automatically configuring mutt and isync

  • nixos-unstable -

Package maintainers