CVE-2018-6790
MEDIUM
KDE Plasma Workspace < 5.12.0 - Exposure of Client IP Address via Notification URL
Title source: llm
Description
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
References (5)
Core References
Vendor Advisory x_refsource_confirm
https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
Vendor Advisory x_refsource_confirm
https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938
Issue Tracking, Vendor Advisory x_refsource_confirm
https://phabricator.kde.org/D10188
Vendor Advisory x_refsource_confirm
https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2141
Scores
CVSS v3: 5.3
EPSS: 0.0022
EPSS Percentile: 45.1%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (1): kde/plasma-workspace < 5.12.0
Published: Feb 07, 2018
Tracked Since: Feb 18, 2026