Insertion of Sensitive Information into Log File Affecting KDE/libksieve package, versions [,23.03.80)
Snyk CVSS
- Attack Complexity: Low
- Confidentiality: High
Threat Intelligence
- EPSS: 0.05% (15th percentile)
- Snyk ID SNYK-UNMANAGED-KDELIBKSIEVE-6692206
- published 29 Apr 2024
- disclosed 29 Apr 2024
- credit Jonas Schäfer
Introduced: 29 Apr 2024
CVE-2023-52723
How to fix?
Upgrade KDE/libksieve to version 23.03.80 or higher.
Overview
Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the improper handling of sensitive information in session.cpp, where a username variable is mistakenly assigned a password value. An attacker can gain access to cleartext passwords by reviewing server logs.