CVE-2024-49395Exposure of Sensitive Information Through Metadata in Redhat Enterprise Linux

CWE-1230Exposure of Sensitive Information Through Metadata6 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 64.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Enterprise Linux
Timeline
PublishedNov 12

Description

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages0 packages

Also affects: Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

3
CVEList
Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block2024-11-12
OSV
CVE-2024-49395: In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipient2024-11-12
GHSA
GHSA-88hm-mv53-m5h7: In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipient2024-11-12

📋Vendor Advisories

2
Red Hat
mutt: neomutt: Bcc email header field is indirectly leaked by cryptographic info block2024-11-11
Debian
CVE-2024-49395: mutt - In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode whi...2024
CVE-2024-49395 — Redhat Enterprise Linux vulnerability | cvebase