Описание
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| eoan | DNE | |
| esm-apps/xenial | released | 4:15.12.3-0ubuntu1.1+esm1 |
| esm-infra-legacy/trusty | released | 4:4.13.3-0ubuntu0.2+esm1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 4:25.07.80-0ubuntu1 |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 4:17.12.3-0ubuntu1+esm1 |
| esm-apps/focal | released | 4:19.12.3-0ubuntu1+esm1 |
| esm-apps/jammy | not-affected | 4:21.12.3-0ubuntu1 |
| esm-apps/noble | not-affected | 4:23.08.5-0ubuntu5.1 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
| groovy | ignored | end of life |
Показывать по
6.4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.
An issue was discovered in KDE KMail before 19.12.3. By using the prop ...
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.
6.4 Medium
CVSS2
6.5 Medium
CVSS3