CVE-2020-14154

CVE Database · CVE-2020-14154

CVE-2020-14154

· MEDIUMModified

CVSS v3.1

4.8

EPSS

1.06%

Published

Jun 15, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products (6)

mutt · mutt (up to 1.14.3)vulnerable

canonical · ubuntu_linuxvulnerable

References (14)

http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html

Mailing ListVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html

Broken Link

http://www.mutt.org

ProductVendor Advisory

https://bugs.gentoo.org/728300

Third Party Advisory

https://security.gentoo.org/glsa/202007-57

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs