CVE-2018-15667
 
Descriptions
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use its functionality. The handler can be invoked using any method that invokes the URL handler, such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an attacker-crafted email from the target account.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2018-08-21 CVE Reserved
- 2018-08-21 CVE Published
- 2024-06-30 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://versprite.com/advisories/airmail-3-for-mac | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Airmailapp | Airmail | 3.3.5.9 | - | Affected |