Email Attachment Encryption Issue in KDE KMail
CVE-2014-8878

5.9MEDIUM

Key Information:

Vendor

Kde

Status
Kmail
Vendor
CVE Published:
28 September 2017

What is CVE-2014-8878?

KDE KMail suffers from a significant encryption flaw where attachments are not encrypted even when 'automatic encryption' is enabled. This oversight can enable remote attackers to intercept and access sensitive information transmitted over the network, potentially compromising user privacy and security. Users are advised to review their email security practices and patch their installations to mitigate this risk.

References

http://www.securityfocus.com/bid/75986
vdb-entryx_refsource_BID
https://bugs.kde.org/show_bug.cgi?id=340312
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1243777
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.