CVE-2021-31855

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-31855
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31855.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-31855
Related
Published
2021-06-02T16:15:08Z
Modified
2024-10-12T07:31:01.034222Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp.

References

Affected packages

Debian:11 / kf5-messagelib

Package

Name
kf5-messagelib
Purl
pkg:deb/debian/kf5-messagelib?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4:20.08.3-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kf5-messagelib

Package

Name
kf5-messagelib
Purl
pkg:deb/debian/kf5-messagelib?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4:20.08.3-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / kf5-messagelib

Package

Name
kf5-messagelib
Purl
pkg:deb/debian/kf5-messagelib?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4:20.08.3-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kde/messagelib

Affected ranges

Type
GIT
Repo
https://github.com/kde/messagelib
Events
Introduced
0 (Unknown introduced commit / All previous commits are affected)
Fixed

Affected versions

v16.*

v16.03.80
v16.03.90
v16.04.0
v16.04.1
v16.04.2
v16.04.3
v16.07.80
v16.07.90
v16.08.0
v16.08.1
v16.08.2
v16.11.80
v16.11.90
v16.12.0
v16.12.1
v16.12.2
v16.12.3

v17.*

v17.03.80
v17.03.90
v17.04.0
v17.04.1
v17.04.2
v17.04.3
v17.07.80
v17.07.90
v17.08.0
v17.08.1
v17.08.2
v17.08.3
v17.11.80
v17.11.90
v17.12.0
v17.12.1
v17.12.2
v17.12.3

v18.*

v18.03.80
v18.03.90
v18.04.0
v18.04.1
v18.04.2
v18.04.3
v18.07.80
v18.07.90
v18.08.0
v18.08.1
v18.08.2
v18.08.3
v18.11.80
v18.11.90
v18.12.0
v18.12.1
v18.12.2
v18.12.3

v19.*

v19.03.80
v19.03.90
v19.04.0
v19.04.1
v19.04.2
v19.07.80
v19.07.90
v19.08.0
v19.08.1
v19.08.2
v19.11.80
v19.11.90
v19.12.0
v19.12.1
v19.12.2
v19.12.3

v20.*

v20.03.80
v20.03.90
v20.04.0
v20.04.1
v20.04.2
v20.04.3
v20.07.80
v20.07.90
v20.08.0
v20.08.1
v20.08.2
v20.08.3
v20.11.80
v20.11.90
v20.12.0
v20.12.1
v20.12.2
v20.12.3

v21.*

v21.03.80
v21.03.90
v21.04.0