PT-2019-12014 · Kde+2 · Kde Kmail+2

Publicado

2019-04-07

·

Atualizado

2025-09-02

·

CVE-2019-10732

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions KDE KMail version 5.2.3
Description The issue allows an attacker with S/MIME or PGP encrypted emails to craft a multipart email, hiding the encrypted parts using HTML/CSS or ASCII newline characters. When the receiver replies to this email, they may unknowingly leak the plaintext of the encrypted message back to the attacker.
Recommendations For KDE KMail version 5.2.3, consider disabling the handling of multipart emails with encrypted sub-parts until a patch is available. Restrict the use of HTML/CSS in emails to minimize the risk of exploitation. Avoid using the reply feature for emails with suspicious or unknown content.

Exploit

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319

Identificadores relacionados

CVE-2019-10732
DLA-1825-1
MGASA-2021-0067
OPENSUSE-SU-2021:0188-1
OPENSUSE-SU-2021:0227-1
OPENSUSE-SU-2021_0188-1
OPENSUSE-SU-2024:11046-1
USN-7729-1
USN-7730-1

Produtos afetados

Kde Kmail
Suse
Ubuntu