Vulnerability Details CVE-2018-20954
The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/mailpile/Mailpile/commit/49b64f62ade9ade3dff9337c7bbc1171eab3d59e
- https://github.com/mailpile/Mailpile/compare/1.0.0rc3...1.0.0rc4
- https://github.com/mailpile/Mailpile/pull/2145
- https://github.com/mailpile/Mailpile/commit/49b64f62ade9ade3dff9337c7bbc1171eab3d59e
- https://github.com/mailpile/Mailpile/compare/1.0.0rc3...1.0.0rc4
- https://github.com/mailpile/Mailpile/pull/2145
Products affected by CVE-2018-20954
-
cpe:2.3:a:mailpile:mailpile:0.5.0
-
cpe:2.3:a:mailpile:mailpile:0.5.1
-
cpe:2.3:a:mailpile:mailpile:0.5.2
-
cpe:2.3:a:mailpile:mailpile:1.0.0