CVE-2020-14154 Information

Feb 14, 2021 cve

Description

Mutt before 1.14.3 proceeds with a connection even if in response to a GnuTLS certificate prompt the user rejects an expired intermediate certificate.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Reference

http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html http://www.mutt.org https://bugs.gentoo.org/728300 https://security.gentoo.org/glsa/202007-57 https://usn.ubuntu.com/4401-1/

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

4.8

Share on: