CVE-2024-23330

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 23, 2024
Updated: Feb 1, 2024
CWE ID 918

Summary

CVE-2024-23330 is a cyber vulnerability affecting the encrypted email service Tuta. Versions prior to 119.10 allow an attacker to attach an image in an HTML mail, which can be loaded from an external resource despite the default setting to prevent this. This behavior exposes the user's IP address, device information, and email activity to the sender. The vulnerability has a base severity of MEDIUM and a CVSS score of 5.3. The issue has been patched in version 119.10 of Tuta, and organizations should update their software to remediate the vulnerability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-23330 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options