CVE-2019-10734
First published: Sun Apr 07 2019(Updated: )
In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trojita | =0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-10734?
CVE-2019-10734 has been classified as a medium severity vulnerability.
How do I fix CVE-2019-10734?
To mitigate CVE-2019-10734, upgrade to a version of KDE Trojita later than 0.7 that addresses this vulnerability.
What kind of attacks can exploit CVE-2019-10734?
CVE-2019-10734 can be exploited by attackers who wrap S/MIME or PGP encrypted emails within crafted multipart emails.
What is the impact of CVE-2019-10734 on users?
CVE-2019-10734 potentially allows attackers to bypass email encryption protections and manipulate email content.
Which versions of Trojita are affected by CVE-2019-10734?
CVE-2019-10734 affects Trojita version 0.7.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/trojita project
- canonical/trojita
- version/trojita/0.7