Description
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
| Release | Status | Note |
|---|---|---|
| devel | released | 4:4.14.28-0ubuntu3 |
| esm-apps/xenial | released | 4:4.14.16-0ubuntu3.1 |
| esm-infra-legacy/trusty | released | 4:4.13.3-0ubuntu0.4 |
| precise | released | 4:4.8.5-0ubuntu0.6 |
| trusty | released | 4:4.13.3-0ubuntu0.4 |
| trusty/esm | released | 4:4.13.3-0ubuntu0.4 |
| upstream | needed | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 4:4.14.16-0ubuntu3.1 |

| Release | Status | Note |
|---|---|---|
| devel | released | 5.31.0-0ubuntu2 |
| esm-apps/xenial | released | 5.18.0-0ubuntu1.1 |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needed | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 5.18.0-0ubuntu1.1 |

CVSS2: 4.3 Medium
CVSS3: 5.5 Medium