#VU34051 Cleartext transmission of sensitive information in kmail - CVE-2020-15954

 

Published: July 27, 2020 / Updated: November 19, 2021


Vulnerability identifier: #VU34051
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-15954
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: kmail
Software vendor: KDE.org

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.


Remediation

Install the update from the vendor's website.

External links