CVE-2020-14093 — Cleartext Transmission of Sensitive Info in Mutt

CWE-319 — Cleartext Transmission of Sensitive Info CWE-200 — Sensitive Information Exposure11 documents9 sources

Severity

5.9MEDIUMNVD

EPSS

3.9%

top 11.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mutt Neomutt Canonical Ubuntu Linux +2 more

Timeline

PublishedJun 15

Latest updateMay 24

Description

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

▶NVDmutt/mutt< 1.14.3

▶Debianmutt/mutt< 1.14.3-1+3

▶Ubuntumutt/mutt< 1.5.24-1ubuntu0.3+2

▶Debianneomutt/neomutt< 20200619+dfsg.1-1+3

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 12.04, 16.04, 18.04, 19.10, 20.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-g5v2-qw45-mc5h: Mutt before 1↗2022-05-24

▶

OSV

mutt vulnerabilities↗2020-06-22

▶

OSV

CVE-2020-14093: Mutt before 1↗2020-06-15

▶

CVEList

CVE-2020-14093: Mutt before 1↗2020-06-15

▶

💥Exploits & PoCs

Exploit-DB

Cayin Content Management Server 11.0 - Remote Command Injection (root)↗2020-06-04

▶

📋Vendor Advisories

Ubuntu

Mutt vulnerabilities↗2020-06-22

▶

Red Hat

mutt: IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response↗2020-06-15

▶

Debian

CVE-2020-14093: mutt - Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PR...↗2020

▶

💬Community

Bugzilla

CVE-2020-14093 mutt: IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response [fedora-all]↗2020-06-18

▶

Bugzilla

CVE-2020-14093 mutt: IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response↗2020-06-18

▶