kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Kdelibs | Kde | * | 4.14.29 (including) |
Kio | Kde | * | 5.31 (including) |
Kde4libs | Ubuntu | devel | * |
Kde4libs | Ubuntu | esm-apps/xenial | * |
Kde4libs | Ubuntu | esm-infra-legacy/trusty | * |
Kde4libs | Ubuntu | precise | * |
Kde4libs | Ubuntu | trusty | * |
Kde4libs | Ubuntu | trusty/esm | * |
Kde4libs | Ubuntu | upstream | * |
Kde4libs | Ubuntu | xenial | * |
Kde4libs | Ubuntu | yakkety | * |
Kio | Ubuntu | devel | * |
Kio | Ubuntu | esm-apps/xenial | * |
Kio | Ubuntu | upstream | * |
Kio | Ubuntu | xenial | * |
Kio | Ubuntu | yakkety | * |