ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard.
Metrics
Affected Vendors & Products
References
History
Wed, 30 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Kde
Kde kmail |
|
Weaknesses | CWE-319 | |
CPEs | cpe:2.3:a:kde:kmail:*:*:*:*:*:*:*:* | |
Vendors & Products |
Kde
Kde kmail |
|
Metrics |
cvssV3_1
|
Mon, 28 Oct 2024 00:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-27T00:00:00
Updated: 2024-10-30T20:23:07.272Z
Reserved: 2024-10-27T00:00:00
Link: CVE-2024-50624
Vulnrichment
Updated: 2024-10-30T20:22:53.732Z
NVD
Status : Awaiting Analysis
Published: 2024-10-28T00:15:03.720
Modified: 2024-10-30T21:35:12.223
Link: CVE-2024-50624
Redhat
No data.