Vulnerability in KDE Discover Affects URL Handling
CVE-2021-28117

7.5HIGH

Key Information:

Vendor: Kde
Status: Discover
Vendor: CVE Published:; 20 March 2021

What is CVE-2021-28117?

A vulnerability in KDE Discover allows for the automatic creation of links to potentially dangerous URLs that are not prefixed with http or https. This behavior stems from the application's reliance on content from the store.kde.org website. Users may inadvertently navigate to these URLs, which could pose security risks. Fixed versions of KDE Discover are available, effectively addressing this issue.

References

https://userbase.kde.org/Discover

https://github.com/KDE/discover/releases

https://kde.org/info/security/advisory-20210310-1.txt

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2021
Vulnerability Reserved
Mar 9, 2021

CVE-2021-28117 Data

JSON

Kde

What is CVE-2021-28117?

References

CVSS V3.1

Timeline