CVE-2021-38372

Published: 10 August 2021

In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.

Priority

CVSS 3 base score: 3.7

Status

Package	Release	Status
trojita Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Needs triage
	hirsute	Ignored (reached end-of-life)
	impish	Needs triage
	jammy	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (out of standard support)

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.