PT-2019-12014 · Kde+2 · Kde Kmail+2

Published

2019-04-07

Updated

2025-09-02

CVE-2019-10732

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions KDE KMail version 5.2.3

Description The issue allows an attacker with S/MIME or PGP encrypted emails to craft a multipart email, hiding the encrypted parts using HTML/CSS or ASCII newline characters. When the receiver replies to this email, they may unknowingly leak the plaintext of the encrypted message back to the attacker.

Recommendations For KDE KMail version 5.2.3, consider disabling the handling of multipart emails with encrypted sub-parts until a patch is available. Restrict the use of HTML/CSS in emails to minimize the risk of exploitation. Avoid using the reply feature for emails with suspicious or unknown content.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2019-10732

DLA-1825-1

MGASA-2021-0067

OPENSUSE-SU-2021:0188-1

OPENSUSE-SU-2021:0227-1

OPENSUSE-SU-2021_0188-1

OPENSUSE-SU-2024:11046-1

USN-7729-1

USN-7730-1

Affected Products

Kde Kmail

Suse

Ubuntu

PT-2019-12014 · Kde+2 · Kde Kmail+2

CVE-2019-10732

Weakness Enumeration

Related Identifiers

Affected Products

References · 28