Input Event Exposure in KDE Workspace Products
CVE-2015-1308

Currently unrated

Key Information:

Vendor: Kde
Status: Plasma-workspace
Vendor: CVE Published:; 26 January 2015

What is CVE-2015-1308?

KDE Workspace versions prior to 5.1.95 and kde-workspace 4.2.0 are exposed to a vulnerability that allows remote attackers to capture input events. This presents a significant risk as it potentially enables unauthorized access to sensitive information, including user passwords, when the user's screen is locked and the attacker has access to the X server.

References

http://www.securityfocus.com/bid/72284

vdb-entryx_refsource_BID

http://secunia.com/advisories/62051

third-party-advisoryx_refsource_SECUNIA

https://www.kde.org/info/security/advisory-20150122-2.txt

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2015
Vulnerability Reserved
Jan 22, 2015

CVE-2015-1308 Data

JSON

Kde

What is CVE-2015-1308?

References

Timeline