libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)
References
Link | Resource |
---|---|
https://github.com/KDE/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356 | Patch |
https://github.com/KDE/discover/releases | Third Party Advisory |
https://invent.kde.org/plasma/discover/commit/94478827aab63d2e2321f0ca9ec5553718798e60 | Patch Third Party Advisory |
https://kde.org/info/security/advisory-20210310-1.txt | Patch Vendor Advisory |
https://userbase.kde.org/Discover | Product Vendor Advisory |
Configurations
History
28 Dec 2023, 16:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/KDE/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356 - Patch |
16 Nov 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Apr 2021, 14:58
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://kde.org/info/security/advisory-20210310-1.txt - Patch, Vendor Advisory | |
References | (CONFIRM) https://invent.kde.org/plasma/discover/commit/94478827aab63d2e2321f0ca9ec5553718798e60 - Patch, Third Party Advisory | |
References | (MISC) https://userbase.kde.org/Discover - Product, Vendor Advisory | |
References | (MISC) https://github.com/KDE/discover/releases - Third Party Advisory | |
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:kde:discover:*:*:*:*:*:*:*:* |
20 Mar 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-20 21:15
Updated : 2023-12-28 16:24
NVD link : CVE-2021-28117
Mitre link : CVE-2021-28117
CVE.ORG link : CVE-2021-28117
JSON object : View
Products Affected
kde
- discover
CWE