VDB
CVE-2018-6790
CVE-2018-6790
PUBLISHED
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
EPSS 0.22% · 45.3th percentile
Risk Scores
EPSS Score
0.22%
45.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | plasma-workspace | 0, 4:5.4.2-0ubuntu1, 4:5.5.4-0ubuntu1 |
Exploit Intelligence
- https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c (circl)
- https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938 (circl)
- https://phabricator.kde.org/D10188 (circl)
- https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php (circl)
- RHSA-2019:2141 (circl)
Timeline
- Feb 7, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-6790 third-party-advisory
- https://phabricator.kde.org/D10188 third-party-advisory
- https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-6790 third-party-advisory