What is CVE-2020-11880?

CVE-2020-11880 is a vulnerability discovered in KDE KMail before version 19.12.3 that allows a website or other source of mailto links to attach local files to an email message without showing a warning to the user.

How does CVE-2020-11880 work?

CVE-2020-11880 works by exploiting the non-RFC6068 "mailto?attach=..." parameter in KDE KMail to bypass the warning prompt and attach local files to an email message.

What is the severity of CVE-2020-11880?

The severity of CVE-2020-11880 is medium, with a severity value of 6.5.

How can I fix CVE-2020-11880?

To fix CVE-2020-11880, update to KDE KMail version 19.12.3 or later.

Where can I find more information about CVE-2020-11880?

You can find more information about CVE-2020-11880 on the KDE KMail Git repository: [https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1](https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1)

Vulnerability/
CVE-2020-11880

medium

6.5

17/4/2020

29/4/2020

CVE-2020-11880

First published: Fri Apr 17 2020(Updated: )

An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
KDE KMail	<19.12.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-11880?
CVE-2020-11880 is a vulnerability discovered in KDE KMail before version 19.12.3 that allows a website or other source of mailto links to attach local files to an email message without showing a warning to the user.
How does CVE-2020-11880 work?
CVE-2020-11880 works by exploiting the non-RFC6068 "mailto?attach=..." parameter in KDE KMail to bypass the warning prompt and attach local files to an email message.
What is the severity of CVE-2020-11880?
The severity of CVE-2020-11880 is medium, with a severity value of 6.5.
How can I fix CVE-2020-11880?
To fix CVE-2020-11880, update to KDE KMail version 19.12.3 or later.
Where can I find more information about CVE-2020-11880?
You can find more information about CVE-2020-11880 on the KDE KMail Git repository: [https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1](https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1)

collector/nvd-index
vendor/kde
canonical/kde kmail

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.