CVE-2012-5624Sensitive Information Exposure in QT

CWE-200Sensitive Information Exposure6 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
1.9%
top 16.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Digia QTCanonical Ubuntu LinuxQT
Timeline
PublishedFeb 24
Latest updateMay 13

Description

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDdigia/qt4.8.3
NVDqt/qt56 versions+55

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10

🔴Vulnerability Details

1
GHSA
GHSA-xmh5-6gpf-xj49: The XMLHttpRequest object in Qt before 42022-05-13

📋Vendor Advisories

2
Ubuntu
Qt vulnerabilities2013-02-14
Red Hat
Qt: QML XmlHttpRequest insecure redirection2012-11-30

💬Community

2
Bugzilla
CVE-2012-5624 Qt: QML XmlHttpRequest insecure redirection2012-12-04
Bugzilla
CVE-2012-5624 Qt: QML XmlHttpRequest insecure redirection [fedora-all]2012-12-04
CVE-2012-5624 — Sensitive Information Exposure in QT | cvebase