CVE-2021-31855Cleartext Storage of Sensitive Info in Messagelib

CWE-312Cleartext Storage of Sensitive InfoCWE-319Cleartext Transmission of Sensitive Info5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 66.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
KDE Messagelib
Timeline
PublishedJun 2
Latest updateMay 24

Description

KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDkde/messagelib5.17.0

🔴Vulnerability Details

3
GHSA
GHSA-h76g-vp43-8cw5: KDE Messagelib through 52022-05-24
OSV
CVE-2021-31855: KDE Messagelib through 52021-06-02
CVEList
CVE-2021-31855: KDE Messagelib through 52021-06-02

📋Vendor Advisories

1
Debian
CVE-2021-31855: kf5-messagelib - KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some si...2021
CVE-2021-31855 — Cleartext Storage of Sensitive Info | cvebase