KDE Discover up to 5.18.6/5.21.2 URL KNSResource.cpp privilege escalation

Summaryinfo

A vulnerability, which was classified as critical, has been found in KDE Discover up to 5.18.6/5.21.2. This vulnerability affects unknown code of the file libdiscover/backends/KNSBackend/KNSResource.cpp of the component URL Handler. The manipulation leads to an unknown weakness. This vulnerability is referenced as CVE-2021-28117. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, has been found in KDE Discover up to 5.18.6/5.21.2. This issue affects an unknown functionality of the file libdiscover/backends/KNSBackend/KNSResource.cpp of the component URL Handler. The impact remains unknown.

The weakness was published 03/21/2021. It is possible to read the advisory at kde.org. The identification of this vulnerability is CVE-2021-28117. Technical details of the vulnerability are known, but there is no available exploit.

Upgrading to version 5.18.7 or 5.21.3 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at invent.kde.org. The best possible mitigation is suggested to be upgrading to the latest version.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• KDE

Name

• Discover

Version

• 5.18.0
• 5.18.1
• 5.18.2
• 5.18.3
• 5.18.4
• 5.18.5
• 5.18.6
• 5.21.0
• 5.21.1
• 5.21.2

License

• open-source

Website

• Vendor: https://kde.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion