Vulnerability Details CVE-2018-19120
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1649420
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/
- https://bugzilla.redhat.com/show_bug.cgi?id=1649420
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/
Products affected by CVE-2018-19120
-
cpe:2.3:a:kde:kde_applications:14.11.3
-
cpe:2.3:a:kde:kde_applications:14.12
-
cpe:2.3:a:kde:kde_applications:15.04
-
cpe:2.3:a:kde:kde_applications:15.08
-
cpe:2.3:a:kde:kde_applications:15.12
-
cpe:2.3:a:kde:kde_applications:16.04
-
cpe:2.3:a:kde:kde_applications:16.08
-
cpe:2.3:a:kde:kde_applications:16.12
-
cpe:2.3:a:kde:kde_applications:17.04
-
cpe:2.3:a:kde:kde_applications:17.08
-
cpe:2.3:a:kde:kde_applications:17.12
-
cpe:2.3:a:kde:kde_applications:18.04
-
cpe:2.3:a:kde:kde_applications:18.08
-
cpe:2.3:a:kde:kde_applications:18.12