Description: KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6
Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Affected Packages: 3 packages
Vulnerability Details (4)
GHSA | GHSA-7w32-mxrp-49jg: KDE kmail before 5 | 2022-05-13
OSV | CVE-2017-9604: KDE kmail before 5 | 2017-06-13
CVEList | CVE-2017-9604: KDE kmail before 5 | 2017-06-13
Kernel | Merge tag 'keys-fixes-20170419' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs | 2017-04-20
Vendor Advisories (2)
Red Hat | kmail: Send Later with Delay bypasses OpenPGP | 2017-06-13
Debian | CVE-2017-9604: kf5-messagelib - KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applic... | 2017
Community (6)
Bugzilla | CVE-2017-9604 kmail: Send Later with Delay bypasses OpenPGP | 2017-06-15
Bugzilla | CVE-2017-9604 kdepim3: kmail: Send Later with Delay bypasses OpenPGP [fedora-all] | 2017-06-15
Bugzilla | CVE-2017-9604 kdepim3: kmail: Send Later with Delay bypasses OpenPGP [epel-7] | 2017-06-15
Bugzilla | CVE-2017-9604 kf5-messagelib: kmail: Send Later with Delay bypasses OpenPGP [fedora-all] | 2017-06-15
Bugzilla | CVE-2017-9604 kdepim4: kmail: Send Later with Delay bypasses OpenPGP [fedora-all] | 2017-06-15