PT-2023-29850 · Tutanota · Tutanota
Pachinko2821 · Published 2023-12-15 · Updated 2023-12-28 · CVE-2023-46116
CVSS v3.1: 9.3 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Tutanota versions prior to 3.118.12
Description
The issue concerns the handling of URL schemes in emails. Prior to version 3.118.12, Tutanota correctly blocks the file: URL scheme but fails to check other harmful schemes such as ftp: and smb:, which malicious actors can use against a recipient who opens a link. Successful exploitation enables an attacker to gain code execution on a victim's computer.
Recommendations
For versions prior to 3.118.12, update to version 3.118.12 or later to resolve the issue. As a temporary workaround, consider disabling the ability to open links in external applications until the update is applied. Restrict access to harmful URL schemes such as ftp: and smb: to minimize the risk of exploitation.
Exploit
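The weakness described above is a scheme denylist that names only file: and therefore lets every other scheme reach the operating system's link handler. The following added example (not Tutanota's code, and not taken from the fixed release) contrasts that denylist with an allowlist of the kind the recommendation implies. The set of permitted schemes (http:, https:, mailto:) and the sample links are assumptions chosen for illustration, not values from the advisory.

```javascript
// Added example (not Tutanota's code): a URL-scheme denylist of the kind the
// advisory describes, beside an allowlist check a desktop mail client can apply
// before handing a link from a message to the operating system.

// Pre-fix behaviour as the advisory describes it: only the file: scheme is
// refused, so every other scheme (ftp:, smb:, ...) is passed to the OS handler.
function denylistAllowsOpen(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return false; // unparseable links are never opened
  }
  return url.protocol !== "file:";
}

// Hardened check: only schemes the client positively understands are opened in
// an external application; anything not listed is refused. The exact set is an
// assumption for this example, not a documented Tutanota setting.
const EXTERNAL_SCHEMES = new Set(["http:", "https:", "mailto:"]);

function allowlistAllowsOpen(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return false;
  }
  // The URL parser lower-cases the scheme, so "HTTPS:" and "https:" compare equal.
  return EXTERNAL_SCHEMES.has(url.protocol);
}

// Constructed sample links for the demonstration, not taken from any real message.
const SAMPLE_LINKS = [
  "https://example.com/newsletter",
  "mailto:someone@example.com",
  "file:///etc/hosts",
  "ftp://example.com/pub/readme.txt",
  "smb://fileserver.example/share",
  "not a url",
];

// For each sample link, record what both policies decide so the gap is visible.
function comparePolicies(links = SAMPLE_LINKS) {
  return links.map((href) => ({
    href,
    denylist: denylistAllowsOpen(href),
    allowlist: allowlistAllowsOpen(href),
  }));
}

// Links the denylist would hand to the OS but the allowlist refuses: this is the
// set of schemes the advisory says went unchecked.
function leakedByDenylist(links = SAMPLE_LINKS) {
  return comparePolicies(links)
    .filter((r) => r.denylist && !r.allowlist)
    .map((r) => r.href);
}

console.table(comparePolicies());
```

Run with `node` to see the side-by-side decision table; the ftp: and smb: entries are exactly the rows where the two policies disagree. The design point is that an allowlist fails closed: a scheme the client has never heard of is refused rather than forwarded, so the check does not need updating each time a new scheme handler appears on users' machines.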
Fix
RCE
Weakness Enumeration
Related identifiers
Affected products
Tutanota