Information disclosure in kio-extras

#VU15907 Information disclosure in kio-extras

Published: 2018-11-14 | Updated: 2018-11-15

Vulnerability identifier: #VU15907

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-19120

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
kio-extras
Client/Desktop applications / Other client software

Vendor: KDE.org

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to an error when the HTML Thumbnailer plug-in creates a thumbnail for HTML files. A remote attacker can access sensitive information, such as the IP address of a targeted system.

Mitigation
Update to version 18.08.2.

Vulnerable software versions

kio-extras: All versions

External links
http://www.kde.org/info/security/advisory-20181012-1.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Information disclosure in KDE kio-extras