Описание
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libkf5ksieve | fixed | 4:22.12.3-2 | package | |
| libkf5ksieve | fixed | 4:22.12.3-1+deb12u1 | bookworm | package |
| libkf5ksieve | fixed | 4:20.08.3-1+deb11u1 | bullseye | package |
Примечания
https://www.openwall.com/lists/oss-security/2024/04/25/1
Fixed by: https://invent.kde.org/pim/libksieve/-/commit/6b460ba93ac4ac503ba039d0b788ac7595120db1 (v23.03.80)
EPSS
Связанные уязвимости
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.
EPSS