CVE-2021-38373

Опубликовано: 10 авг. 2021

Источник: debian

Описание

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ksmtp	fixed	21.12.3-2		package
ksmtp	ignored		bullseye	package
ksmtp	ignored		buster	package

Примечания

https://bugs.kde.org/show_bug.cgi?id=423423
https://nostarttls.secvuln.info
https://invent.kde.org/pim/ksmtp/-/commit/38a4c09427f3fdc04f9893f8eda3f6807d9a3203
https://invent.kde.org/pim/ksmtp/-/commit/60f73c69758fe40a027a8e7402127d085f18545a

Связанные уязвимости

CVE-2021-38373

CVSS3: 5.3

ubuntu

больше 4 лет назад

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

CVE-2021-38373

CVSS3: 6.5

redhat

больше 4 лет назад

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

CVE-2021-38373

CVSS3: 5.3

nvd

больше 4 лет назад

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

GHSA-rc8g-gfxp-864v

github

больше 3 лет назад

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.