Ubuntu.comUB:CVE-2021-31855CVE-2021-31855
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
28.4%
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in
some situations. Deleting an attachment of a decrypted encrypted message
stored on a remote server (e.g., an IMAP server) causes KMail to upload the
decrypted content of the message to the remote server. With a crafted
message, a user could be tricked into decrypting an encrypted message and
then deleting an attachment attached to this message. If the attacker has
access to the messages stored on the email server, then the attacker could
read the decrypted content of the encrypted message. This occurs in
ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp.
Bugs
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
28.4%