Vulnerability Details CVE-2015-1308
kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/62051
- http://www.openwall.com/lists/oss-security/2015/01/22/6
- http://www.securityfocus.com/bid/72284
- https://www.kde.org/info/security/advisory-20150122-2.txt
- http://secunia.com/advisories/62051
- http://www.openwall.com/lists/oss-security/2015/01/22/6
- http://www.securityfocus.com/bid/72284
- https://www.kde.org/info/security/advisory-20150122-2.txt
Products affected by CVE-2015-1308
-
cpe:2.3:a:kde:kde-workspace:4.2.0
-
cpe:2.3:a:kde:plasma-workspace:4.96.0
-
cpe:2.3:a:kde:plasma-workspace:4.97.0
-
cpe:2.3:a:kde:plasma-workspace:4.98.0
-
cpe:2.3:a:kde:plasma-workspace:5.0.0
-
cpe:2.3:a:kde:plasma-workspace:5.0.1
-
cpe:2.3:a:kde:plasma-workspace:5.0.2
-
cpe:2.3:a:kde:plasma-workspace:5.0.95
-
cpe:2.3:a:kde:plasma-workspace:5.1