Cleartext transmission of sensitive information in kmail - CVE-2020-15954
Published: July 27, 2020 / Updated: November 19, 2021
Vulnerability identifier: #VU34051
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-15954
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: KDE.org
Affected software:
kmail
kmail
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
How to mitigate CVE-2020-15954
Install update from vendor's website.