Vulnerability Description
Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. The manipulated email puts the app into an unusable state. Since the vulnerability affects not only the app but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tuta | Tutanota | >= 3.118.12, < 3.119.10 |
References
- https://github.com/tutao/tutanota/releases/tag/tutanota-release-3.119.10 (Release Notes)
- https://github.com/tutao/tutanota/security/advisories/GHSA-5h47-g927-629g (Exploit, Vendor Advisory)
FAQ
What is CVE-2024-23655?
CVE-2024-23655 is a vulnerability with a CVSS score of 7.5 (HIGH). Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access...
How severe is CVE-2024-23655?
CVE-2024-23655 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-23655?
Check the references section above for vendor advisories and patch information. Affected products include: Tuta Tutanota.