CVE-2018-6790: Infoleak
First published: Wed Feb 07 2018(Updated: )
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kde Plasma-workspace | <5.12.0 | |
| redhat/plasma-workspace | <5.8.9 | 5.8.9 |
| redhat/plasma-workspace | <5.12.0 | 5.12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2019:2141
- https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
- https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938
- https://phabricator.kde.org/D10188
- https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php
- https://www.kde.org/info/security/advisory-20180208-1.txt
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1543470
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1543471
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1542676
- https://cgit.kde.org/plasma-workspace.git/commit/?h=Plasma/5.8&id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
- https://access.redhat.com/security/cve/cve-2018-6790
- https://bugzilla.redhat.com/show_bug.cgi?id=1543454
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2018-6790.
What is the title of the vulnerability?
The title of the vulnerability is 'An issue was discovered in KDE Plasma Workspace before 5.12.0.'
What is the severity rating of CVE-2018-6790?
The severity rating of CVE-2018-6790 is medium with a severity value of 5.3.
How can remote attackers exploit CVE-2018-6790?
Remote attackers can exploit CVE-2018-6790 to discover client IP addresses via a URL in a notification.
Which software versions are affected by CVE-2018-6790?
KDE Plasma Workspace versions before 5.12.0 are affected by CVE-2018-6790.
How can I fix CVE-2018-6790?
To fix CVE-2018-6790, update your KDE Plasma Workspace to version 5.12.0 or later.
Where can I find more information about CVE-2018-6790?
More information about CVE-2018-6790 can be found at the following references: [Reference 1](https://access.redhat.com/errata/RHSA-2019:2141), [Reference 2](https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c), [Reference 3](https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938).
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-6790
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/kde
- canonical/kde plasma-workspace
- package-manager/redhat