Lucene search

K
freebsdFreeBSD1460AA25-E6AB-11E8-A733-E0D55E2A8BF9
HistoryNov 12, 2018 - 12:00 a.m.

kio-extras -- HTML Thumbnailer automatic remote file access

2018-11-1200:00:00
vuxml.freebsd.org
386

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.1%

Albert Astals Cid reports:

Various KDE applications share a plugin system to create thumbnails
of various file types for displaying in file managers, file dialogs, etc.
kio-extras contains a thumbnailer plugin for HTML files.

     The HTML thumbnailer was incorrectly accessing some content of
     remote URLs listed in HTML files. This meant that the owners of the servers
     referred in HTML files in your system could have seen in their access logs
     your IP address every time the thumbnailer tried to create the thumbnail.
  

    The HTML thumbnailer has been removed in upcoming KDE Applications 18.12.0
    because it was actually not creating thumbnails for files at all.
OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchkio-extras< 18.08.3_2UNKNOWN

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.1%

Related for 1460AA25-E6AB-11E8-A733-E0D55E2A8BF9