{"id":"CVE-2019-12269","details":"Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a \"correctly signed\" message indication, but display different unauthenticated text.","modified":"2026-03-12T22:58:21.529432Z","published":"2019-05-21T20:29:00.230Z","related":["SUSE-SU-2019:1576-1","openSUSE-SU-2019:1612-1","openSUSE-SU-2024:10736-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00061.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVNTEF3WSOOQYKMIPEH7F77UPXES5BU5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYWBJHSBBLAHKMRWDWH2XXQDYAGDHB5I/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GHC5WDQ47FQSL5CTGQUYIHVC3RNZ7UH5/"},{"type":"ADVISORY","url":"https://www.enigmail.net/index.php/en/download/changelog"},{"type":"EVIDENCE","url":"https://sourceforge.net/p/enigmail/bugs/983/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.11"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12269.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}