CVE-2020-11880

Published: Apr 17, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1

x_refsource_MISC

https://cgit.kde.org/kmail.git/tag/?h=v19.12.3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-11880

Description

Affected Products

References