UBUNTU-CVE-2024-50624
- Source
- https://ubuntu.com/security/CVE-2024-50624
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-50624.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-50624
- Upstream
- Published
- 2024-10-28T00:15:00Z
- Modified
- 2025-07-21T17:04:57Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard.
- References
-
- https://ubuntu.com/security/CVE-2024-50624
- https://www.cve.org/CVERecord?id=CVE-2024-50624
- https://bugs.kde.org/show_bug.cgi?id=487882
- https://kde.org/announcements/megarelease/6/
- https://invent.kde.org/pim/kmail/-/tags
- https://invent.kde.org/pim/kmail-account-wizard/-/commit/9784f5ab41c3aff435d4a88afb25585180a62ee4
Affected packages
Ubuntu:Pro:16.04:LTS / kdepim
Package
- Name
- kdepim
- Purl
- pkg:deb/ubuntu/kdepim@4:15.12.3-0ubuntu1.1?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / kmail-account-wizard
Package
- Name
- kmail-account-wizard
- Purl
- pkg:deb/ubuntu/kmail-account-wizard@4:17.12.3-0ubuntu1?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:20.04:LTS / kmail-account-wizard
Package
- Name
- kmail-account-wizard
- Purl
- pkg:deb/ubuntu/kmail-account-wizard@4:19.12.3-0ubuntu1?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / kmail-account-wizard
Package
- Name
- kmail-account-wizard
- Purl
- pkg:deb/ubuntu/kmail-account-wizard@4:21.12.3-0ubuntu1?arch=source&distro=jammy