An issue exists in KDE Plasma Workspace prior to 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote malicious users to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kde plasma-workspace |