fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.
References
Link | Resource |
---|---|
https://commits.kde.org/kio-extras/d813cef3cecdec9af1532a40d677a203ff979145 | Mailing List Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-09T15:52:06
Updated: 2020-05-09T15:52:06
Reserved: 2020-05-09T00:00:00
Link: CVE-2020-12755
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-05-09T16:15:11.807
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-12755
JSON object: View
Redhat Information
No data.
CWE