CVE-2020-15954

Severity
6.5 MEDIUM
EPSS
0.1%
top 74.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 27
Latest update: May 24

Description

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

Debian: kmail-account-wizard < 4:20.04.1-2+3
NVD: kde/kmail 19.12.3
Debian: ksmtp < 21.12.3-2+2
Debian: kdepim-runtime < 4:20.04.1-2+3

Also affects: Debian Linux 9.0

🔴 Vulnerability Details (3)

GHSA
GHSA-92g9-cf99-2j4r: KDE KMail 19 (2022-05-24)
OSV
CVE-2020-15954: KDE KMail 19 (2020-07-27)
CVEList
CVE-2020-15954: KDE KMail 19 (2020-07-27)

📋 Vendor Advisories (1)

Debian
CVE-2020-15954: kdepim-runtime - KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during ... (2020)

💬 Community (2)

Bugzilla
CVE-2020-15954 kmail: engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use [fedora-all] (2020-07-27)
Bugzilla
CVE-2020-15954 kmail: engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use (2020-07-27)