Cleartext transmission of sensitive information in kmail - CVE-2020-15954

 

Cleartext transmission of sensitive information in kmail - CVE-2020-15954

Published: July 27, 2020 / Updated: November 19, 2021


Vulnerability identifier: #VU34051
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-15954
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: KDE.org
Affected software:
kmail

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.


How to mitigate CVE-2020-15954

Install update from vendor's website.

Sources