CVE-2024-1433 — Path Traversal in Plasma-workspace

CWE-22 — Path Traversal5 documents5 sources

Severity

3.7LOWNVD

CNA3.1

EPSS

0.1%

top 70.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Plasma-workspace KDE Plasma Workspace

Timeline

PublishedFeb 11

Latest updateFeb 12

Description

A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

▶NVDkde/plasma-workspace5.93.0

▶CVEListV5kde/plasma_workspace94 versions+93

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-6g65-3cf7-chxv: A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5↗2024-02-12

▶

OSV

CVE-2024-1433: A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5↗2024-02-11

▶

CVEList

KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal↗2024-02-11

▶

📋Vendor Advisories

Debian

CVE-2024-1433: plasma-workspace - A vulnerability, which was classified as problematic, was found in KDE Plasma Wo...↗2024

▶