Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)
AnalysisAI
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) Affected products include: Kde Discover. Version information: before 5.21.3.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Tanium addressed an incorrect default permissions vulnerability in Discover. [CVSS 6.5 MEDIUM]
Tanium addressed an improper input validation vulnerability in Discover. [CVSS 6.3 MEDIUM]
Tanium addressed an uncontrolled resource consumption vulnerability in Discover. [CVSS 4.9 MEDIUM]
Tanium addressed an improper input validation vulnerability in Discover. [CVSS 2.7 LOW]
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today