CVE-2020-14154
MEDIUMmutt < 1.14.3 - Unauthenticated TLS Certificate Validation Bypass via Expired Intermediate Certificate
Title source: llmDescription
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
References (7)
Core 7
Core References
Product, Vendor Advisory x_refsource_misc
http://www.mutt.org
Mailing List, Vendor Advisory x_refsource_misc
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html
Third Party Advisory x_refsource_misc
https://bugs.gentoo.org/728300
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4401-1/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202007-57
Scores
CVSS v3
4.8
EPSS
0.0069
EPSS Percentile
72.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
Status
published
Products (6)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
19.10
canonical/ubuntu_linux
20.04
mutt/mutt
< 1.14.3
Published
Jun 15, 2020
Tracked Since
Feb 18, 2026