Remote IP Address Exposure in KDE Plasma Workspace by KDE
CVE-2018-6790

5.3MEDIUM

Key Information:

Vendor

Kde

Status
Plasma-workspace
Vendor
CVE Published:
7 February 2018

What is CVE-2018-6790?

A vulnerability in KDE Plasma Workspace prior to version 5.12.0 allows remote attackers to potentially exploit a flaw in the notifications system. By embedding a specific URL in a notification, an attacker can reveal the client's IP address through the IMG element's src attribute. This exposure can lead to privacy concerns and further attacks if exploited by malicious entities.

References

https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc6...
x_refsource_CONFIRM
https://cgit.kde.org/plasma-workspace.git/commit/?id=8164...
x_refsource_CONFIRM
https://phabricator.kde.org/D10188
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.