CVE-2018-6790

Upstream information

CVE-2018-6790 at MITRE

Description

An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	None

CVSS v3 Scores
	National Vulnerability Database
Base Score	5.3
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	Low
Integrity Impact	None
Availability Impact	None
CVSSv3 Version	3

SUSE Bugzilla entry: 1079429 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2018:0397-1, published Thu, 8 Feb 2018 12:17:28 +0100 (CET)
openSUSE-SU-2018:0398-1, published Thu, 8 Feb 2018 12:18:05 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 12 SP3	`drkonqi5 >= 5.8.7-8.1` `plasma5-workspace >= 5.8.7-8.1` `plasma5-workspace-devel >= 5.8.7-8.1` `plasma5-workspace-lang >= 5.8.7-8.1` `plasma5-workspace-libs >= 5.8.7-8.1`	Patchnames: openSUSE-2018-147

SUSE Timeline for this CVE

CVE page created: Mon Feb 5 19:32:07 2018
CVE page last modified: Wed Oct 26 21:13:20 2022

CVE-2018-6790

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

SUSE Security Advisories:

List of released packages

SUSE Timeline for this CVE

Business-Critical Linux

Enterprise Container Management

Edge

解决方案

Industries

支持服务

SUSE 全球服务

支持资源

合作伙伴

Communities

关于