Home > Vulnerability Database > CVE-2023-46116

Mend.io Vulnerability Database

CVE-2023-46116

Date: December 15, 2023

Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the "file:" URL scheme, which can be used by malicious actors to gain code execution on a victims computer, however fails to check other harmful schemes such as "ftp:", "smb:", etc. which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim's computer. Version 3.118.2 contains a patch for this issue.

Language: TYPE_SCRIPT

Severity Score

9.3

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46116

Url: https://github.com/tutao/tutanota/blob/master/src/desktop/ApplicationWindow.ts#L417

Url: https://user-images.githubusercontent.com/46137338/270564886-7a0389d3-f9ef-44e1-9f5e-57ccc72dcaa8.mp4

Url: https://github.com/tutao/tutanota/commit/88ecad17d00d05a722399aed35f0d280899d55a2

Url: https://github.com/tutao/tutanota/blob/master/src/desktop/ApplicationWindow.ts#L423

Url: https://github.com/tutao/tutanota/security/advisories/GHSA-mxgj-pq62-f644

Url: https://www.mend.io/vulnerability-database/CVE-2023-46116

Severity Score

9.3

Weakness Type (CWE)

Improper Input Validation

CWE-20

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	9.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46116

Date: December 15, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?