CVE-2014-8878

CWE-3106 documents6 sources

Severity

5.9MEDIUM

EPSS

0.3%

top 48.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Kmail

Timeline

PublishedSep 28

Latest updateMay 17

Description

KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

▶NVDkde/kmail4.11.5

Patches

Patch: www.openwall.com ↗Patch: bugs.kde.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-67gw-pr7f-99hr: KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information↗2022-05-17

▶

OSV

CVE-2014-8878: KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information↗2017-09-28

▶

CVEList

CVE-2014-8878: KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information↗2017-09-27

▶

📋Vendor Advisories

Red Hat

kdepim: KMail attachments are not encrypted when "automatic encryption" is selected↗2014-10-24

▶

💬Community

Bugzilla

CVE-2014-8878 kdepim: KMail attachments are not encrypted when "automatic encryption" is selected↗2015-07-16

▶