CVE-2018-20954
HIGH
Mailpile - Improper Authentication in Encryption Key Validation
Title source: llm
Description
The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.
References (3)
Core References
Third Party Advisory x_refsource_misc
https://github.com/mailpile/Mailpile/pull/2145
Patch, Third Party Advisory x_refsource_misc
https://github.com/mailpile/Mailpile/commit/49b64f62ade9ade3dff9337c7bbc1171eab3d59e
Third Party Advisory x_refsource_misc
https://github.com/mailpile/Mailpile/compare/1.0.0rc3...1.0.0rc4
Scores
CVSS v3
7.5
EPSS
0.0115
EPSS Percentile
62.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-287
Status
published
Products (4)
mailpile/mailpile
0.5.0
mailpile/mailpile
0.5.1
mailpile/mailpile
0.5.2
mailpile/mailpile
1.0.0 rc0 (4 CPE variants)
Published
Aug 08, 2019
Tracked Since
Feb 18, 2026