Input validation error in discover - CVE-2021-28117
Published: March 12, 2021
Vulnerability identifier: #VU51424
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-28117
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: KDE.org
Affected software:
discover
discover
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to missing URI scheme validation. A remote attacker can pass specially crafted link to an SMB or NFS share and potentially bypass implemented security restrictions by tricking the Discover to follow such links.
How to mitigate CVE-2021-28117
Install updates from vendor's website.