Lucene search

[email protected]CVE-2018-19516

HistoryMar 12, 2020 - 9:15 p.m.

CVE-2018-19516

2020-03-1221:15:12

CWE-20

[email protected]

web.nvd.nist.gov

cve-2018-19516

messagelib

kde applications

security vulnerability

nvd

http-equiv

refresh

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.9%

JSON

messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv=“REFRESH” value.

Affected configurations

NVD

Node

kdekde_applicationsRange<18.12

CPENameOperatorVersion
kde:kde_applicationskde kde applicationslt18.12

CPE	Name	Operator	Version
kde:kde_applications	kde kde applications	lt	18.12

References

cgit.kde.org/messagelib.git/commit/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp?id=34765909cdf8e55402a8567b48fb288839c61612

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.9%

JSON

Related for CVE-2018-19516

openvas2 freebsd1 ubuntucve1 nessus3 nvd1 debiancve1 cvelist1 mageia1 prion1 suse1