CVE-2023-52723

Published: Apr 29, 2024

Modified: Aug 2, 2024

PUBLISHED

Description

In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://invent.kde.org/pim/libksieve/-/commit/6b460ba93ac4ac503ba039d0b788ac7595120db1

https://invent.kde.org/pim/libksieve/-/tags/v23.03.80

https://www.openwall.com/lists/oss-security/2024/04/25/1

[oss-security] 20240430 Re: libksieve (used by kmail/kontact) sent password as username

mailing-list

[debian-lts-announce] 20240505 [SECURITY] [DLA 3809-1] libkf5ksieve security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-52723

Description

Affected Products

References