CVE-2020-11880
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.
Se detectó un problema en KDE KMail versiones anteriores a 19.12.3. Al usar el parámetro "mailto?attach=..." de propietario (non-RFC6068), un sitio web (u otra fuente de enlaces mailto) puede hacer que KMail adjunte archivos locales a un mensaje de correo electrónico compuesto sin mostrar una advertencia al usuario, como es demostrado por un valor attach=.bash_history.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-04-17 CVE Reserved
- 2020-04-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1 | 2020-04-29 |
| URL | Date | SRC |
|---|---|---|
| https://cgit.kde.org/kmail.git/tag/?h=v19.12.3 | 2020-04-29 |