QwikSec

Security Database

CVE

CWE

Training

CVE-2020-24972

Published: Aug 29, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R

Attack Complexity

Low

Attack Vector

Network

Availability

High

Confidentiality

High

Integrity

High

Privileges Required

None

Scope

Unchanged

User Interaction

Required

References

https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b

x_refsource_MISC

https://dev.gnupg.org/source/kleo/browse/master/CMakeLists.txt

x_refsource_MISC

vendor-advisory

x_refsource_GENTOO

FEDORA-2020-9b441d3153

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2020:1723

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1754

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.