Unencrypted POP3 Communication in KDE KMail Email Client
CVE-2020-15954

6.5MEDIUM

Key Information:

Vendor: Kde
Status: Kmail
Vendor: CVE Published:; 27 July 2020

What is CVE-2020-15954?

KDE KMail version 19.12.3 improperly handles encryption during POP3 communication, resulting in potentially sensitive user data being sent over unencrypted channels. This vulnerability creates a misleading user interface experience where users may believe their communications are safe from eavesdropping, whereas they are actually exposed. It is crucial for users of KMail to be aware of this issue and take necessary precautions to secure their email interactions.

References

https://bugs.kde.org/show_bug.cgi?id=423426

x_refsource_MISC

https://lists.debian.org/debian-lts-announce/2020/07/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2020
Vulnerability Reserved
Jul 27, 2020

CVE-2020-15954 Data

JSON

Kde

What is CVE-2020-15954?

References

CVSS V3.1

Timeline