CVE-2022-4055

xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments

Severity Score

7.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.

Cuando xdg-mail está configurado para usar Thunderbird para URL de correo, el análisis incorrecto de la URL puede provocar que se pasen encabezados adicionales a Thunderbird que no deberían incluirse según RFC 2368. Un atacante puede usar este método para crear una URL de correo que parezca segura a los usuarios, pero en realidad adjuntará archivos cuando se haga clic en ellos.

An update for xdg-utils is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2022-11-17 CVE Reserved
2022-11-18 CVE Published
2025-04-29 CVE Updated
2025-04-29 First Exploit
2025-07-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-146: Improper Neutralization of Expression/Command Delimiters

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC
https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267	2025-04-29

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-4055	2025-05-15
https://bugzilla.redhat.com/show_bug.cgi?id=2143792	2025-05-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Freedesktop Search vendor "Freedesktop"		Xdg-utils Search vendor "Freedesktop" for product "Xdg-utils"				>= 1.1.0 <= 1.1.3 Search vendor "Freedesktop" for product "Xdg-utils" and version " >= 1.1.0 <= 1.1.3"		-		Affected