CVE-2018-15669

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://versprite.com/advisories/airmail-3-for-mac-3/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:bloop:airmail_3:3.5.9:*:*:*:*:macos:*:*

History

No history.

Information

Published : 2018-08-21 23:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-15669

Mitre link : CVE-2018-15669

CVE.ORG link : CVE-2018-15669

JSON object : View

Products Affected

bloop

airmail_3

CWE

NVD-CWE-noinfo

{"id": "CVE-2018-15669", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-08-21T23:29:00.473", "references": [{"url": "https://versprite.com/advisories/airmail-3-for-mac-3/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."}, {"lang": "es", "value": "Se ha descubierto un error en la versi\u00f3n 3.3.5.9 de Bloop Airmail para macOS. Su instancia WebView primaria implementa \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" de modo que las peticiones desde HTMLIFrameElements se metan en una lista negra. Sin embargo, otras subclases de HTMLFrameOwnerElements no est\u00e1n prohibidas por la pol\u00edtica. Un atacante podr\u00eda explotar los elementos plug-in HTML en un correo para desencadenar peticiones de navegaci\u00f3n de tramas que omitan este filtro."}], "lastModified": "2020-05-04T13:43:37.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bloop:airmail_3:3.5.9:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "877A6161-2DB1-4EDE-A2C3-922354E2FC4D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}