3.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
5.1%
Claws Mail is a GTK based e-mail client.
Nico Golde from Debian reported that the sylprint.pl script that is part of the Claws Mail tools creates temporary files in an insecure manner.
A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail.
There is no known workaround at this time.
All Claws Mail users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.0.2-r1"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | mail-client/claws-mail | < 3.0.2-r1 | UNKNOWN |