Input validation error in discover - CVE-2021-28117

 

Input validation error in discover - CVE-2021-28117

Published: March 12, 2021


Vulnerability identifier: #VU51424
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-28117
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: KDE.org
Affected software:
discover

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to missing URI scheme validation. A remote attacker can pass specially crafted link to an SMB or NFS share and potentially bypass implemented security restrictions by tricking the Discover to follow such links.


How to mitigate CVE-2021-28117

Install updates from vendor's website.

Sources