CVE-2022-4055 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-4055 Interim 1 9 2025-05-31T23:14:17Z current 2022-11-19T00:49:39Z 2025-05-31T23:14:17Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-4055 When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-May/001437.html E-Mail link for RHSA-2025:7672 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 7 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Liberty Linux 9 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server Business Critical Linux 15 SP2 SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Manager Retail Branch Server 4.1 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Manager Server 4.1 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 openSUSE Leap 15.5 openSUSE Leap 15.6 xdg-utils xdg-utils-1.1.3-13.el9_6 xdg-utils-1.1.3-13.el9_6 as a component of SUSE Liberty Linux 9 xdg-utils as a component of SUSE Enterprise Storage 7 xdg-utils as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 xdg-utils as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS xdg-utils as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS xdg-utils as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 xdg-utils as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 xdg-utils as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 xdg-utils as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 xdg-utils as a component of SUSE Linux Enterprise Server 12 SP2-BCL xdg-utils as a component of SUSE Linux Enterprise Server 12 SP3-BCL xdg-utils as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS xdg-utils as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xdg-utils as a component of SUSE Linux Enterprise Server 12 SP5 xdg-utils as a component of SUSE Linux Enterprise Server 15 SP2-LTSS xdg-utils as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP2 xdg-utils as a component of SUSE Linux Enterprise Server Teradata 12 SP3 xdg-utils as a component of SUSE Linux Enterprise Server Teradata 12 SP3-LTSS xdg-utils as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xdg-utils as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xdg-utils as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 xdg-utils as a component of SUSE Manager Proxy 4.1 xdg-utils as a component of SUSE Manager Retail Branch Server 4.1 xdg-utils as a component of SUSE Manager Server 4.1 xdg-utils as a component of SUSE OpenStack Cloud 9 xdg-utils as a component of SUSE OpenStack Cloud Crowbar 9 xdg-utils as a component of openSUSE Leap 15.5 xdg-utils as a component of openSUSE Leap 15.6 When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. CVE-2022-4055 SUSE Liberty Linux 9:xdg-utils-1.1.3-13.el9_6 SUSE Enterprise Storage 7:xdg-utils SUSE Linux Enterprise High Performance Computing 12 SP5:xdg-utils SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:xdg-utils SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xdg-utils SUSE Linux Enterprise Module for Basesystem 15 SP3:xdg-utils SUSE Linux Enterprise Module for Basesystem 15 SP4:xdg-utils SUSE Linux Enterprise Module for Basesystem 15 SP5:xdg-utils SUSE Linux Enterprise Module for Basesystem 15 SP6:xdg-utils SUSE Linux Enterprise Server 12 SP2-BCL:xdg-utils SUSE Linux Enterprise Server 12 SP3-BCL:xdg-utils SUSE Linux Enterprise Server 12 SP4-ESPOS:xdg-utils SUSE Linux Enterprise Server 12 SP4-LTSS:xdg-utils SUSE Linux Enterprise Server 12 SP5:xdg-utils SUSE Linux Enterprise Server 15 SP2-LTSS:xdg-utils SUSE Linux Enterprise Server Business Critical Linux 15 SP2:xdg-utils SUSE Linux Enterprise Server Teradata 12 SP3-LTSS:xdg-utils SUSE Linux Enterprise Server Teradata 12 SP3:xdg-utils SUSE Linux Enterprise Server for SAP Applications 12 SP4:xdg-utils SUSE Linux Enterprise Server for SAP Applications 12 SP5:xdg-utils SUSE Linux Enterprise Server for SAP Applications 15 SP2:xdg-utils SUSE Manager Proxy 4.1:xdg-utils SUSE Manager Retail Branch Server 4.1:xdg-utils SUSE Manager Server 4.1:xdg-utils SUSE OpenStack Cloud 9:xdg-utils SUSE OpenStack Cloud Crowbar 9:xdg-utils openSUSE Leap 15.5:xdg-utils openSUSE Leap 15.6:xdg-utils moderate 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N