Arbitrary Type Parameter Vulnerability in KDE KAuth Product by KDE
CVE-2019-7443

8.1HIGH

Key Information:

Vendor

Kde

Status
Kauth
Vendor
CVE Published:
7 May 2019

What is CVE-2019-7443?

KDE KAuth prior to version 5.55 allows the execution of auxiliary helper plugins with arbitrary parameter types over DBus, potentially allowing for a crash or executing arbitrary code with root privileges. This flaw may lead to serious exploitation dangers, as any vulnerabilities within the plugins themselves could be executed without proper authorization, effectively compromising system integrity.

References

http://lists.opensuse.org/opensuse-security-announce/2019...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019...
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.