{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4055", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2025-04-29T18:55:59.428Z", "dateReserved": "2022-11-17T00:00:00.000Z", "datePublished": "2022-11-18T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-11-18T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked."}], "affected": [{"vendor": "n/a", "product": "xdg-utils", "versions": [{"version": "xdg-utils 1.1.0 to and including 1.1.3", "status": "affected"}]}], "references": [{"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-146", "cweId": "CWE-146"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.165Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-29T18:55:33.721446Z", "id": "CVE-2022-4055", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T18:55:59.428Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.165Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-4055", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-29T18:55:33.721446Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T18:55:56.020Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "xdg-utils", "versions": [{"status": "affected", "version": "xdg-utils 1.1.0 to and including 1.1.3"}]}], "references": [{"url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267"}], "descriptions": [{"lang": "en", "value": "When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-146", "description": "CWE-146"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-11-18T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-4055", "state": "PUBLISHED", "dateUpdated": "2025-04-29T18:55:59.428Z", "dateReserved": "2022-11-17T00:00:00.000Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2022-11-18T00:00:00.000Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freedesktop:xdg-utils:*:*:*:*:*:*:*:*", "matchCriteriaId": "F69C0408-E439-4FF5-A724-E33B46B41275", "versionEndIncluding": "1.1.3", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked."}, {"lang": "es", "value": "Cuando xdg-mail est\u00e1 configurado para usar Thunderbird para URL de correo, el an\u00e1lisis incorrecto de la URL puede provocar que se pasen encabezados adicionales a Thunderbird que no deber\u00edan incluirse seg\u00fan RFC 2368. Un atacante puede usar este m\u00e9todo para crear una URL de correo que parezca segura a los usuarios, pero en realidad adjuntar\u00e1 archivos cuando se haga clic en ellos."}], "id": "CVE-2022-4055", "lastModified": "2025-04-29T19:15:53.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-11-19T00:15:31.003", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-146"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Marco K\u00fchnel for reporting this issue.", "bugzilla": {"description": "xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments", "id": "2143792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143792"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "status": "draft"}, "details": ["When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked."], "mitigation": {"lang": "en:us", "value": "To mitigate this flaw, either:\n1. Do not use mailto links at all\n2. Always double-check in the user interface that there are no unwanted attachments before sending emails; especially when the email originates from clicking a mailto link."}, "name": "CVE-2022-4055", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "xdg-utils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "xdg-utils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "xdg-utils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "xdg-utils", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-08-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-4055\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4055\nhttps://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205"], "statement": "To exploit this flaw, an attacker would need to convince a user to click on a specially crafted mailto URL. Additionally, the user must have the Thunderbird email client installed and xdg-mail configured to use Thunderbird to handle mailto URLs. Therefore, this vulnerability is rated as moderate rather than important because it requires user interaction and specific system configurations.", "threat_severity": "Moderate"}