CVE-2019-10735

{"id": "CVE-2019-10735", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-04-07T15:29:00.340", "references": [{"url": "https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker."}, {"lang": "es", "value": "En Claws Mail 3.14.1 un atacante que posea correos electr\u00f3nicos cifrados en S/MIME o PGP puede envolverlos como subpartes de un correo electr\u00f3nico multiparte manipulado. La(s) parte(s) cifrada(s) se puede(n) ocultar a\u00fan m\u00e1s utilizando caracteres de nuevas l\u00edneas ASCII o HTML/CSS. Este correo electr\u00f3nico multiparte manipulado puede ser reenviado por el atacante al destinatario previsto. Si el destinatario responde a este correo (de aspecto benigno), estar\u00eda filtrando el texto plano de algunas partes del mensaje cifrado sin querer, devolvi\u00e9ndoselas al atacante."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:claws-mail:mail:3.14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB877174-D91A-4CCA-B274-0D9B6E6BF058"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}