Mailvelope up to 3.2.x Private Key privilege escalation
| CVSS Meta Temp Score | Current Exploit Price (β) |
|---|---|
| 4.9 | $0-$5k |
A vulnerability, which was classified as critical, was found in Mailvelope up to 3.2.x. This affects an unknown function of the component Private Key Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-269. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was presented 07/09/2019 (GitHub Repository). The advisory is shared at github.com. This vulnerability is uniquely identified as CVE-2019-9149 since 02/25/2019. Neither technical details nor an exploit are publicly available.
Upgrading to version 3.3.0 eliminates this vulnerability.
See 137612 and 137614 for similar entries.
Name
VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 4.9
VulDB Base Score: β5.5
VulDB Temp Score: β4.9
VulDB Vector: π
VulDB Reliability: π
VulDB Base Score: π
VulDB Temp Score: π
VulDB Reliability: π
Class: Privilege escalation (CWE-269)
Local: Yes
Remote: No
Availability: π
Status: Not defined
Price Prediction: π
Current Price Estimation: π
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: π
Adversaries: π
Geopolitics: π
Economy: π
Predictions: π
Remediation: πRecommended: Upgrade
Status: π
0-Day Time: π
Upgrade: Mailvelope 3.3.0
02/25/2019 CVE assigned
07/09/2019 Advisory disclosed
07/10/2019 VulDB entry created
07/10/2019 VulDB last updateAdvisory: github.com
Status: Unconfirmed
CVE: CVE-2019-9149 (π)
See also: π
Created: 07/10/2019 12:51 PM
Complete: π
Enable the mail alert feature now!
https://vuldb.com/?id.137613
Gloss