CVE-2018-6790

KDE Plasma Workspace (before 5.12.0) contains a vulnerability in dataengines/notifications/notificationsengine.cpp that allows remote attackers to discover a client’s IP address via a URL in a notification, demonstrated by the src attribute of an IMG element. The issue results from missing saniti...