CVE-2018-6790 - OpenCVE

An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kde	Plasma-workspace

Configuration 1 [-]

cpe:2.3:a:kde:plasma-workspace:*:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2019:2141
https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c	Vendor Advisory
https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938	Vendor Advisory
https://phabricator.kde.org/D10188	Issue Tracking Vendor Advisory
https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-07T02:00:00

Updated: 2019-08-06T16:06:25

Reserved: 2018-02-06T00:00:00

Link: CVE-2018-6790

JSON object: View

NVD Information

Status : Modified

Published: 2018-02-07T02:29:01.373

Modified: 2019-08-06T17:15:39.307

Link: CVE-2018-6790

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-06T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-06T16:06:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://phabricator.kde.org/D10188"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php"}, {"name": "RHSA-2019:2141", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2141"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c", "refsource": "CONFIRM", "url": "https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c"}, {"name": "https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938", "refsource": "CONFIRM", "url": "https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938"}, {"name": "https://phabricator.kde.org/D10188", "refsource": "CONFIRM", "url": "https://phabricator.kde.org/D10188"}, {"name": "https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php", "refsource": "CONFIRM", "url": "https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php"}, {"name": "RHSA-2019:2141", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2141"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6790", "datePublished": "2018-02-07T02:00:00", "dateReserved": "2018-02-06T00:00:00", "dateUpdated": "2019-08-06T16:06:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kde:plasma-workspace:*:*:*:*:*:*:*:*", "matchCriteriaId": "8330FCDE-E85E-4FCC-BE43-5A1FA8BB98C8", "versionEndExcluding": "5.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element."}, {"lang": "es", "value": "Se ha descubierto un problema en KDE Plasma Workspace en versiones anteriores a la 5.12.0 en el que dataengines/notifications/notificationsengine.cpp permite que los atacantes remotos descubran las direcciones IP de los clientes mediante una URL en una notificaci\u00f3n, tal y como queda demostrado con el atributo src de un elemento IMG."}], "id": "CVE-2018-6790", "lastModified": "2019-08-06T17:15:39.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-07T02:29:01.373", "references": [{"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2141"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://phabricator.kde.org/D10188"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}