Vulnerability Description
K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the reponse of a valid WebDAV server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| K9Mail | K-9 Mail | <= 5.600 |
Related Weaknesses (CWE)
References
- https://0dd.zone/2018/10/28/k9mail-XXE-MitM/Third Party Advisory
- https://github.com/k9mail/k-9/issues/3681Issue TrackingThird Party Advisory
- https://0dd.zone/2018/10/28/k9mail-XXE-MitM/Third Party Advisory
- https://github.com/k9mail/k-9/issues/3681Issue TrackingThird Party Advisory
FAQ
What is CVE-2018-1000831?
CVE-2018-1000831 is a vulnerability with a CVSS score of 10.0 (CRITICAL). K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This a...
How severe is CVE-2018-1000831?
CVE-2018-1000831 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-1000831?
Check the references section above for vendor advisories and patch information. Affected products include: K9Mail K-9 Mail.