CVE-2018-19120

Published: Nov 29, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.

Affected (1)

Products: Kde: Kde Applications

Kde

1 product

Kde Applications

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kde Kde Applications	Before 18.12.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1649420

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=1649420

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.