CVE-2018-6790 Common Vulnerabilities and Exposures

Upstream information

CVE-2018-6790 at MITRE

Description

An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	None

CVSS v3 Scores
	National Vulnerability Database
Base Score	5.3
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	Low
Integrity Impact	None
Availability Impact	None
CVSSv3 Version	3

SUSE Bugzilla entry: 1079429 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2018:0397-1, published Fri Dec 8 15:48:39 2023
openSUSE-SU-2018:0398-1, published Fri Dec 8 15:48:39 2023

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Liberty Linux 7 SUSE Liberty Linux 7 LTSS	`kcm_colors >= 4.11.19-13.el7` `kde-settings >= 19-23.9.el7` `kde-settings-ksplash >= 19-23.9.el7` `kde-settings-minimal >= 19-23.9.el7` `kde-settings-plasma >= 19-23.9.el7` `kde-settings-pulseaudio >= 19-23.9.el7` `kde-style-oxygen >= 4.11.19-13.el7` `kde-workspace >= 4.11.19-13.el7` `kde-workspace-devel >= 4.11.19-13.el7` `kde-workspace-ksplash-themes >= 4.11.19-13.el7` `kde-workspace-libs >= 4.11.19-13.el7` `kdeclassic-cursor-theme >= 4.11.19-13.el7` `kdelibs >= 4.14.8-10.el7` `kdelibs-apidocs >= 4.14.8-10.el7` `kdelibs-common >= 4.14.8-10.el7` `kdelibs-devel >= 4.14.8-10.el7` `kdelibs-ktexteditor >= 4.14.8-10.el7` `kgreeter-plugins >= 4.11.19-13.el7` `khotkeys >= 4.11.19-13.el7` `khotkeys-libs >= 4.11.19-13.el7` `kinfocenter >= 4.11.19-13.el7` `kmag >= 4.10.5-4.el7` `kmenuedit >= 4.11.19-13.el7` `ksysguard >= 4.11.19-13.el7` `ksysguard-libs >= 4.11.19-13.el7` `ksysguardd >= 4.11.19-13.el7` `kwin >= 4.11.19-13.el7` `kwin-gles >= 4.11.19-13.el7` `kwin-gles-libs >= 4.11.19-13.el7` `kwin-libs >= 4.11.19-13.el7` `libkworkspace >= 4.11.19-13.el7` `oxygen-cursor-themes >= 4.11.19-13.el7` `plasma-scriptengine-python >= 4.11.19-13.el7` `plasma-scriptengine-ruby >= 4.11.19-13.el7` `qt-settings >= 19-23.9.el7` `virtuoso-opensource >= 6.1.6-7.el7` `virtuoso-opensource-utils >= 6.1.6-7.el7`	Patchnames: RHSA-2019:2141
SUSE Package Hub 12 SP3	`drkonqi5 >= 5.8.7-8.1` `plasma5-workspace >= 5.8.7-8.1` `plasma5-workspace-devel >= 5.8.7-8.1` `plasma5-workspace-lang >= 5.8.7-8.1` `plasma5-workspace-libs >= 5.8.7-8.1`	Patchnames: openSUSE-2018-147

SUSE Timeline for this CVE

CVE page created: Mon Feb 5 19:32:07 2018
CVE page last modified: Wed Jun 12 15:24:35 2024