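Vulnerability Title
KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal vulnerability
Vulnerability Description
An issue was found in KDE Plasma Workspaces 5.93.0 and earlier. This vulnerability affects the function EventPluginsManager::enabledPlugins in the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler.
Manipulation of the argument pluginId leads to path traversal. The attack can be initiated remotely. The attack complexity is rather high, and exploitation is also considered difficult.
The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. Applying the patch is recommended to fix this issue. The identifier associated with this vulnerability is VDB-253407. NOTE: This requires write access to the user's home directory or the installation of third-party global themes.
CVSS Information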
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal
Vulnerability Description
A vulnerability classified as problematic was found in KDE Plasma Workspace up to 5.93.0. It affects the function EventPluginsManager::enabledPlugins in the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. Manipulation of the argument pluginId leads to path traversal. The attack can be initiated remotely. The attack complexity is rather high, and exploitation is reported to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. Applying the patch is recommended to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to the user's home or the installation of third-party global themes.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
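Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
KDE Workspace path traversal vulnerability
Vulnerability Description
KDE Workspace is a virtual desktop tool from the KDE community. KDE Workspace 5.93.0 and earlier contain a path traversal vulnerability, which stems from a path traversal flaw in components/calendar/eventpluginsmanager.cpp.
CVSS Information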
N/A
Vulnerability Type
Path Traversal