Vulnerability Details CVE-2024-49393
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.8%
CVSS Severity
CVSS v3 Score 7.4
References
Products affected by CVE-2024-49393
-
cpe:2.3:a:mutt:mutt:-
-
cpe:2.3:a:neomutt:neomutt:-
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0