Vulnerability Description
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| KDE | KMail | 4.11.5 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/07/16/10 (Mailing List, Patch, Third Party Advisory)
- http://www.securityfocus.com/bid/75986 (Third Party Advisory, VDB Entry)
- https://bugs.kde.org/show_bug.cgi?id=340312 (Issue Tracking, Patch, Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1243777 (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2014-8878?
CVE-2014-8878 is a vulnerability with a CVSS score of 5.9 (MEDIUM). KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
How severe is CVE-2014-8878?
CVE-2014-8878 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-8878?
Check the references section above for vendor advisories and patch information. Affected products include: KDE KMail.