CVE-2022-4055
Published: 19 November 2022
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
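The defensive counterpart to the parsing problem described above, as an added example that is not part of this tracker page or of xdg-utils: a mailto parser that splits the URL on the raw `?` and `&` before percent-decoding any field, and forwards only an allow-listed set of headers, reporting everything else so the caller can log it and refuse the URL. The allow-list and the header name used in the constructed sample URLs are this example's own assumptions.

```python
from urllib.parse import unquote

# Header names this example forwards from a mailto URL. RFC 2368 tells a
# user agent to honour only headers it considers safe (it names Subject and
# Body) and to drop or refuse the rest; the address headers are included
# because a mail handler needs them. The exact list is an assumption of
# this example, not xdg-utils' own allow-list.
ALLOWED_HEADERS = {"to", "cc", "bcc", "subject", "body"}


def parse_mailto(url):
    """Return (recipients, headers, dropped) for a mailto URL.

    `headers` holds allow-listed header values; `dropped` holds every header
    that is not on the list, so the caller can decide to refuse the URL.
    """
    if url[:7].lower() != "mailto:":
        raise ValueError("not a mailto URL")
    rest = url[7:]
    # Split on the literal '?' and '&' BEFORE decoding: a percent-encoded
    # '&' or '=' inside a value must stay part of that value and must not be
    # able to introduce a new header after decoding.
    addr_part, _, query = rest.partition("?")
    recipients = [unquote(a) for a in addr_part.split(",") if a]
    headers, dropped = {}, {}
    for field in query.split("&"):
        if not field:
            continue
        raw_name, _, raw_value = field.partition("=")
        name = unquote(raw_name).lower()   # header names are case-insensitive
        value = unquote(raw_value)         # decode each field on its own
        if name == "to":
            recipients.extend(a for a in value.split(",") if a)
        elif name in ALLOWED_HEADERS:
            headers.setdefault(name, []).append(value)
        else:
            dropped.setdefault(name, []).append(value)
    return recipients, headers, dropped


def safe_to_forward(url):
    """True only when the URL carries no header outside ALLOWED_HEADERS."""
    return not parse_mailto(url)[2]


if __name__ == "__main__":
    # Constructed sample; "x-client-specific" stands in for any header a
    # mail client would act on but that a mailto URL should not carry.
    print(parse_mailto("mailto:alice@example.test?subject=Hi&x-client-specific=v"))
```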
Notes
Author | Note |
---|---|
mdeslaur | as of 2023-01-03, there is no upstream fix for this issue |
Priority
Status
Package | Release | Status |
---|---|---|
xdg-utils | bionic | Deferred (2023-01-03) |
xdg-utils | focal | Deferred (2023-01-03) |
xdg-utils | jammy | Deferred (2023-01-03) |
xdg-utils | kinetic | Ignored (end of life, was deferred [2023-01-03]) |
xdg-utils | lunar | Ignored (end of life, was deferred [2023-01-03]) |
xdg-utils | mantic | Deferred (2023-01-03) |
xdg-utils | noble | Deferred (2023-01-03) |
xdg-utils | trusty | Ignored (end of standard support) |
xdg-utils | upstream | Needs triage |
xdg-utils | xenial | Deferred (2023-01-03) |
Patches: other: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.4 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |