CVE-2024-50624
Oct. 28, 2024, 1:58 p.m.
Tags
Product(s) Impacted
KDE Kmail
- before 6.2.0
Description
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard.
Weaknesses
Date
Published: Oct. 28, 2024, 12:15 a.m.
Last Modified: Oct. 28, 2024, 1:58 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org
References
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org