The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2141 advisory.

    The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs     packages include core libraries for the K Desktop Environment.

    The kde-workspace packages consist of components providing the KDE graphical desktop environment.

    Security Fix(es):

    * kde-workspace: Missing sanitization of notifications allows to leak client IP address via IMG element     (CVE-2018-6790)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : kde-workspace (RHSA-2019:2141)

medium Nessus Plugin ID 127682

Version 1.7

Version 1.6

Version 1.7 Nov 5, 2024, 12:50 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202411051250
Version 1.6 May 6, 2024, 8:57 AM CVSSv2 score source (set to "CVE-2018-6790") Exploit attributes ("Exploit available" set to "False") Plugin Feed: 202405060857