#VU69679 Security features bypass in ruqola
Vulnerability identifier: #VU69679
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-254
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
ruqola
Client/Desktop applications /
Messaging software
Vendor: KDE.org
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to the way external links are processed within the client messaging software. A remote attacker can trick the victim to click on the URL in the "Server Info" dialog box that leads to a local file and execute it on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
ruqola: 1.0.0 - 1.8.1
External links
http://kde.org/info/security/advisory-20221129-1.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
