CVE-2017-6410

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-6410
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6410.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-6410
Published
2017-03-02T06:59:01Z
Modified
2025-02-19T02:28:30.530794Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
[none]
Details

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.

Affected packages

Debian:11 / kio

Package

Name
kio
Purl
pkg:deb/debian/kio?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
5.28.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kio

Package

Name
kio
Purl
pkg:deb/debian/kio?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
5.28.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / kio

Package

Name
kio
Purl
pkg:deb/debian/kio?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
5.28.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kde/kdelibs

Affected ranges

Type
GIT
Repo
https://github.com/kde/kdelibs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Type
GIT
Repo
https://github.com/kde/kio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

KDE/4.*

KDE/4.8.97

v3.*

v3.4.0-beta1
v3.4.0-beta2
v3.80.2
v3.80.3
v3.91
v3.92
v3.95
v3.96
v3.97

v4.*

v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.71
v4.0.80
v4.0.83
v4.1.96
v4.10.0
v4.10.1
v4.10.2
v4.10.3
v4.10.4
v4.10.5
v4.10.80
v4.10.90
v4.10.95
v4.10.97
v4.11.0
v4.11.1
v4.11.2
v4.11.3
v4.11.4
v4.11.5
v4.11.80
v4.11.90
v4.11.95
v4.11.97
v4.12.0
v4.12.1
v4.12.2
v4.12.3
v4.12.4
v4.12.5
v4.12.80
v4.12.90
v4.12.95
v4.12.97
v4.13.0
v4.13.1
v4.13.2
v4.13.3
v4.13.80
v4.13.90
v4.13.95
v4.13.97
v4.14.0
v4.14.1
v4.14.10
v4.14.11
v4.14.12
v4.14.13
v4.14.14
v4.14.15
v4.14.16
v4.14.17
v4.14.18
v4.14.19
v4.14.2
v4.14.20
v4.14.21
v4.14.22
v4.14.23
v4.14.24
v4.14.25
v4.14.26
v4.14.27
v4.14.28
v4.14.29
v4.14.3
v4.14.4
v4.14.5
v4.14.6
v4.14.7
v4.14.8
v4.14.9
v4.2.95
v4.2.96
v4.3.95
v4.3.98
v4.4.1
v4.4.80
v4.4.85
v4.6.90
v4.6.95
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.7.95
v4.7.97
v4.8.0
v4.8.1
v4.8.2
v4.8.3
v4.8.4
v4.8.80
v4.8.90
v4.8.95
v4.8.97
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v4.9.4
v4.9.80
v4.9.90
v4.9.95
v4.9.97
v4.9.98