PT-2018-17746 · Kde+3 · Kde Plasma Workspace+3

Published

2018-02-07

Updated

2024-06-17

CVE-2018-6790

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions KDE Plasma Workspace versions prior to 5.12.0

Description An issue in the notifications engine allows remote attackers to discover client IP addresses via a URL in a notification. This can be achieved by using the src attribute of an IMG element.

Recommendations For versions prior to 5.12.0, update to version 5.12.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of notifications that include URLs to minimize the risk of IP address discovery.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2024-8795

CESA-2019_2141

CVE-2018-6790

OPENSUSE-SU-2018:0397-1

OPENSUSE-SU-2018:0398-1

OPENSUSE-SU-2018_0397-1

RHSA-2019:2141

RHSA-2019_2141

Affected Products

Centos

Kde Plasma Workspace

Red Hat

Suse

PT-2018-17746 · Kde+3 · Kde Plasma Workspace+3

CVE-2018-6790

Weakness Enumeration

Related Identifiers

Affected Products

References · 55