CVE-2018-6790

Priority
Description
An issue was discovered in KDE Plasma Workspace before 5.12.0.
dataengines/notifications/notificationsengine.cpp allows remote attackers
to discover client IP addresses via a URL in a notification, as
demonstrated by the src attribute of an IMG element.
Notes
sarnoldChanges run-time behaviour of notifications in a way that is
likely to cause regression bugs.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [too intrusive])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (too intrusive)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4:5.12.1-0ubuntu1)
Patches:
Upstream:https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
Upstream:https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938
More Information

Updated: 2019-12-05 18:51:20 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)