Local File Attach Vulnerability in KDE KMail by KDE
CVE-2020-11880

6.5MEDIUM

Key Information:

Vendor

Kde

Status
Kmail
Vendor
CVE Published:
17 April 2020

What is CVE-2020-11880?

A vulnerability in KDE KMail allows web sources to attach local files to email messages without displaying any warnings to the user. By utilizing the non-standard 'mailto?attach=...' parameter, this flaw enables the automatic attachment of files such as user-specific logs (e.g., .bash_history) directly from the local system. This raises significant security concerns, particularly regarding unauthorized access to sensitive user information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260...
x_refsource_MISC
https://cgit.kde.org/kmail.git/tag/?h=v19.12.3
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.