Cross site request forgery (csrf)

2010-05-1721:00:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.008 Low

EPSS

Percentile

81.6%

JSON

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

CPENameOperatorVersion
kde_sceq2.2.0
kde_sceq3.5.10
kde_sceq4.0.0 alpha2
kde_sceq4.0.0 rc1
kde_sceq4.0.0 beta4
kde_sceq4.0.0 beta3
kde_sceq4.0.0
kde_sceq4.0.0 alpha1
kde_sceq4.0.0 rc2
kde_sceq4.0.0 beta2

Name	Operator	Version
kde_sc	eq	2.2.0
kde_sc	eq	3.5.10
kde_sc	eq	4.0.0 alpha2
kde_sc	eq	4.0.0 rc1
kde_sc	eq	4.0.0 beta4
kde_sc	eq	4.0.0 beta3
kde_sc	eq	4.0.0
kde_sc	eq	4.0.0 alpha1
kde_sc	eq	4.0.0 rc2
kde_sc	eq	4.0.0 beta2