Input validation error in discover - CVE-2021-28117

 


Published: March 12, 2021


Vulnerability identifier: #VU51424
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-28117
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: discover
Software vendor: KDE.org

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to missing URI scheme validation. A remote attacker can pass a specially crafted link to an SMB or NFS share and potentially bypass implemented security restrictions by tricking Discover into following such links.
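The missing check described above can be illustrated with a fail-closed scheme allowlist. This is an added example, not Discover's code or the vendor's patch; the function names, the http/https-only policy and the sample links are assumptions made for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Extract the scheme as defined in RFC 3986 section 3.1:
//   ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
// Writes the lowercased scheme to `out`; returns false when there is none.
bool uri_scheme(const std::string& uri, std::string& out) {
    const std::string::size_type colon = uri.find(':');
    if (colon == std::string::npos || colon == 0) return false;
    if (!std::isalpha(static_cast<unsigned char>(uri[0]))) return false;
    out.clear();
    for (std::string::size_type i = 0; i < colon; ++i) {
        const unsigned char u = static_cast<unsigned char>(uri[i]);
        if (!std::isalnum(u) && u != '+' && u != '-' && u != '.') return false;
        out.push_back(static_cast<char>(std::tolower(u)));
    }
    return true;
}

// Assumed policy: a link taken from untrusted text is followed only when it
// is an absolute http(s) URI with a non-empty authority. Everything else,
// including smb:, nfs:, file: and scheme-less input, is rejected.
bool is_link_allowed(const std::string& uri) {
    std::string scheme;
    if (!uri_scheme(uri, scheme)) return false;            // malformed: fail closed
    if (scheme != "http" && scheme != "https") return false;
    const std::string rest = uri.substr(scheme.size() + 1);
    return rest.size() > 2 && rest.compare(0, 2, "//") == 0 && rest[2] != '/';
}

int main() {
    // Constructed sample links, not taken from the advisory.
    const char* samples[] = {
        "https://example.org/app",
        "HTTP://example.org/",
        "smb://fileserver.example/share",
        "nfs://fileserver.example/export",
        " https://example.org/",
        "https:example.org",
    };
    for (const char* s : samples)
        std::cout << (is_link_allowed(s) ? "allow  " : "reject ") << s << "\n";
    return 0;
}
```

The scheme is compared after lowercasing because schemes are case-insensitive, and input with leading whitespace or no scheme is rejected rather than normalized.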


Remediation

Install updates from vendor's website.

External links