CVE-2002-1903
published 2002-12-31CVE-2002-1903: Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
PriorityP49medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.45%
70.0th percentile
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | alpine | — | — |
| university_of_washington | pine | — | — |
| university_of_washington | pine | — | — |
| university_of_washington | pine | — | — |
| university_of_washington | pine | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
pine username disclosure issue
vendor_redhat·2002-06-07·CVSS 5.0
CVE-2002-1903 [MEDIUM] pine username disclosure issue
pine username disclosure issue
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
Statement: The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
https://access.redhat.com/security/updates/classification/
Debian
CVE-2002-1903: alpine - Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sende...
vendor_debian·2002·CVSS 5.0
CVE-2002-1903 [MEDIUM] CVE-2002-1903: alpine - Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sende...
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-mr5f-r5qw-mrjr: Pine 4
ghsa_unreviewed·2022-04-30
CVE-2002-1903 [MEDIUM] GHSA-mr5f-r5qw-mrjr: Pine 4
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
No detection rules found.
No public exploits indexed.
2002-12-31
Published