CVE-2020-27748 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-27748 Interim 1 31 2025-02-17T01:11:07Z current 2021-05-30T14:44:53Z 2025-02-17T01:11:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-27748 A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Enterprise Storage 7 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Point of Service 11 SP3 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Server 15-ESPOS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server Business Critical Linux 15 SP1 SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 xdg-utils xdg-utils as a component of HPE Helion OpenStack 8 xdg-utils as a component of SUSE Enterprise Storage 7 xdg-utils as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 xdg-utils as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS xdg-utils as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS xdg-utils as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS xdg-utils as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 xdg-utils as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 xdg-utils as a component of SUSE Linux Enterprise Point of Service 11 SP3 xdg-utils as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata xdg-utils as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata xdg-utils as a component of SUSE Linux Enterprise Server 11 SP4 LTSS xdg-utils as a component of SUSE Linux Enterprise Server 12 SP2-BCL xdg-utils as a component of SUSE Linux Enterprise Server 12 SP2-LTSS xdg-utils as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS xdg-utils as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xdg-utils as a component of SUSE Linux Enterprise Server 12 SP5 xdg-utils as a component of SUSE Linux Enterprise Server 15 SP2-LTSS xdg-utils as a component of SUSE Linux Enterprise Server 15-ESPOS xdg-utils as a component of SUSE Linux Enterprise Server 15-LTSS xdg-utils as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP1 xdg-utils as a component of SUSE Linux Enterprise Server Teradata 12 SP3 xdg-utils as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 xdg-utils as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xdg-utils as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xdg-utils as a component of SUSE Linux Enterprise Server for SAP Applications 15 xdg-utils as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 xdg-utils as a component of SUSE OpenStack Cloud 8 xdg-utils as a component of SUSE OpenStack Cloud 9 xdg-utils as a component of SUSE OpenStack Cloud Crowbar 8 xdg-utils as a component of SUSE OpenStack Cloud Crowbar 9 A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird. CVE-2020-27748 SUSE Linux Enterprise Point of Service 11 SP3:xdg-utils SUSE Linux Enterprise Server 11 SP1 for Teradata:xdg-utils SUSE Linux Enterprise Server 11 SP3 for Teradata:xdg-utils SUSE Linux Enterprise Server 11 SP4 LTSS:xdg-utils SUSE Enterprise Storage 7:xdg-utils SUSE Linux Enterprise High Performance Computing 12 SP5:xdg-utils SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xdg-utils SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-utils SUSE Linux Enterprise High Performance Computing 15-LTSS:xdg-utils SUSE Linux Enterprise Module for Basesystem 15 SP4:xdg-utils SUSE Linux Enterprise Module for Basesystem 15 SP5:xdg-utils SUSE Linux Enterprise Server 12 SP2-BCL:xdg-utils SUSE Linux Enterprise Server 12 SP2-LTSS:xdg-utils SUSE Linux Enterprise Server 12 SP4-ESPOS:xdg-utils SUSE Linux Enterprise Server 12 SP4-LTSS:xdg-utils SUSE Linux Enterprise Server 12 SP5:xdg-utils SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-utils SUSE Linux Enterprise Server 15-ESPOS:xdg-utils SUSE Linux Enterprise Server 15-LTSS:xdg-utils SUSE Linux Enterprise Server Business Critical Linux 15 SP1:xdg-utils SUSE Linux Enterprise Server Teradata 12 SP3:xdg-utils SUSE Linux Enterprise Server for SAP Applications 12 SP2:xdg-utils SUSE Linux Enterprise Server for SAP Applications 12 SP4:xdg-utils SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-utils SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-utils SUSE Linux Enterprise Server for SAP Applications 15:xdg-utils SUSE OpenStack Cloud 9:xdg-utils SUSE OpenStack Cloud Crowbar 9:xdg-utils moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N