Description
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard.
| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | released | 4:15.12.3-0ubuntu1.1+esm1 |
| esm-infra-legacy/trusty | not-affected | code not present |
| jammy | DNE | |
| noble | DNE | |
| plucky | DNE | |
| questing | DNE | |
| upstream | released | 24.07.80 |

| Release | Status | Note |
|---|---|---|
| devel | not-affected | code not present |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | code not present |
| esm-apps/noble | not-affected | code not present |
| focal | ignored | end of standard support, was needs-triage |
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| oracular | ignored | end of life, was needs-triage |
| plucky | not-affected | code not present |

| Release | Status | Note |
|---|---|---|
| devel | not-affected | 4:25.07.80-0ubuntu1 |
| esm-apps/bionic | released | 4:17.12.3-0ubuntu1+esm1 |
| esm-apps/focal | released | 4:19.12.3-0ubuntu1+esm1 |
| esm-apps/jammy | released | 4:21.12.3-0ubuntu1+esm1 |
| esm-apps/noble | released | 4:23.08.5-0ubuntu3+esm1 |
| jammy | needed | |
| noble | needed | |
| plucky | not-affected | 4:24.12.3-0ubuntu1 |
| questing | not-affected | 4:25.07.80-0ubuntu1 |
| upstream | released | 24.07.80 |
References
EPSS
5.9 Medium
CVSS3