CVE-2018-20954

CVE-2018-20954

EPSS 1.1%

The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/mailpile/Mailpile/commit/49b64f62ade9ade3dff9337c7bbc1171eab3d59e https://github.com/mailpile/Mailpile/compare/1.0.0rc3...1.0.0rc4 https://github.com/mailpile/Mailpile/pull/2145