PT-2020-12914 · KDE · KMail

Published: 2020-03-13 · Updated: 2025-09-02 · CVE-2020-11880

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

KDE KMail versions prior to 19.12.3

Description

An issue was discovered where a website or other source of mailto links can make KMail attach local files to a composed email message without showing a warning to the user. This is achieved by using the proprietary "mailto?attach=..." parameter, as demonstrated by an attach=.bash_history value.

Recommendations

For versions prior to 19.12.3, update to version 19.12.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the "mailto?attach=..." parameter in mailto links until the issue is resolved.
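
One way to apply the workaround on hosts that cannot be updated yet is to filter mailto URIs before they are handed to the mail client. The sketch below is an added example, not code from the advisory or from KDE; the function name, the blocked-name set and the sample URIs are constructed for illustration.

```python
from urllib.parse import unquote

# Header names treated as attachment requests. Only "attach" is named in the
# advisory; adding other names is a local policy decision (assumption).
BLOCKED_HFIELDS = {"attach"}


def sanitize_mailto(uri):
    """Strip attachment parameters from a mailto URI.

    Returns (clean_uri, removed), where removed lists the decoded
    (name, value) pairs that were dropped, for logging or alerting.
    """
    if not uri.lower().startswith("mailto:"):
        raise ValueError("not a mailto URI")
    # A fragment has no meaning for a mail client, so it is discarded.
    body, _, _fragment = uri[len("mailto:"):].partition("#")
    recipients, _, query = body.partition("?")
    kept, removed = [], []
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        # Decode and case-fold the name so "%41ttach" and "ATTACH" also match.
        if unquote(name).strip().lower() in BLOCKED_HFIELDS:
            removed.append((unquote(name), unquote(value)))
        else:
            kept.append(pair)  # keep the original encoding untouched
    clean = "mailto:" + recipients
    if kept:
        clean += "?" + "&".join(kept)
    return clean, removed


if __name__ == "__main__":
    # Constructed sample links.
    samples = [
        "mailto:user@example.com?subject=Hi&attach=.bash_history",
        "mailto:user@example.com?%41ttach=.bash%5Fhistory&body=hello",
        "mailto:user@example.com?subject=Hi",
    ]
    for link in samples:
        clean, removed = sanitize_mailto(link)
        print(clean, "| removed:", removed)
```

A non-empty removed list is worth logging, since a legitimate page has little reason to request a local file attachment.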

Fix

Related Identifiers

ALT-PU-2020-1466
ALT-PU-2020-1532
CVE-2020-11880
USN-7729-1
USN-7731-1

Affected Products

Alt Linux
Kmail
Linuxmint
Ubuntu