PT-2018-17746 · Kde+3 · Kde Plasma Workspace+3

Publicado

2018-02-07

Atualizado

2024-06-17

CVE-2018-6790

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions KDE Plasma Workspace versions prior to 5.12.0

Description An issue in the notifications engine allows remote attackers to discover client IP addresses via a URL in a notification. This can be achieved by using the src attribute of an IMG element.

Recommendations For versions prior to 5.12.0, update to version 5.12.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of notifications that include URLs to minimize the risk of IP address discovery.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2024-8795

CESA-2019_2141

CVE-2018-6790

OPENSUSE-SU-2018:0397-1

OPENSUSE-SU-2018:0398-1

OPENSUSE-SU-2018_0397-1

RHSA-2019:2141

RHSA-2019_2141

Produtos afetados

Centos

Kde Plasma Workspace

Red Hat

Suse

PT-2018-17746 · Kde+3 · Kde Plasma Workspace+3

CVE-2018-6790

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 55