K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the reponse of a valid WebDAV server.
References
Link | Resource |
---|---|
https://github.com/k9mail/k-9/issues/3681 | Issue Tracking Third Party Advisory |
https://0dd.zone/2018/10/28/k9mail-XXE-MitM/ | Third Party Advisory |
Configurations
Information
Published : 2018-12-20 07:29
Updated : 2019-01-08 11:06
NVD link : CVE-2018-1000831
Mitre link : CVE-2018-1000831
JSON object : View
CWE
CWE-611
Improper Restriction of XML External Entity Reference
Products Affected
k9mail
- k-9_mail