Vulnerability Description
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kde | Kde Applications | < 18.12.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1649420Issue TrackingThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://bugzilla.redhat.com/show_bug.cgi?id=1649420Issue TrackingThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2018-19120?
CVE-2018-19120 is a vulnerability with a CVSS score of 7.5 (HIGH). The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
How severe is CVE-2018-19120?
CVE-2018-19120 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-19120?
Check the references section above for vendor advisories and patch information. Affected products include: Kde Kde Applications.