CVE-2024-1433

Summary

A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes.

Affected Software

VendorProductVersion RangeStatus
KDEPlasma Workspace5.0affected
KDEPlasma Workspace5.1affected
KDEPlasma Workspace5.2affected
KDEPlasma Workspace5.3affected
KDEPlasma Workspace5.4affected
KDEPlasma Workspace5.5affected
KDEPlasma Workspace5.6affected
KDEPlasma Workspace5.7affected
KDEPlasma Workspace5.8affected
KDEPlasma Workspace5.9affected
KDEPlasma Workspace5.10affected
KDEPlasma Workspace5.11affected
KDEPlasma Workspace5.12affected
KDEPlasma Workspace5.13affected
KDEPlasma Workspace5.14affected
KDEPlasma Workspace5.15affected
KDEPlasma Workspace5.16affected
KDEPlasma Workspace5.17affected
KDEPlasma Workspace5.18affected
KDEPlasma Workspace5.19affected
KDEPlasma Workspace5.20affected
KDEPlasma Workspace5.21affected
KDEPlasma Workspace5.22affected
KDEPlasma Workspace5.23affected
KDEPlasma Workspace5.24affected
KDEPlasma Workspace5.25affected
KDEPlasma Workspace5.26affected
KDEPlasma Workspace5.27affected
KDEPlasma Workspace5.28affected
KDEPlasma Workspace5.29affected
KDEPlasma Workspace5.30affected
KDEPlasma Workspace5.31affected
KDEPlasma Workspace5.32affected
KDEPlasma Workspace5.33affected
KDEPlasma Workspace5.34affected
KDEPlasma Workspace5.35affected
KDEPlasma Workspace5.36affected
KDEPlasma Workspace5.37affected
KDEPlasma Workspace5.38affected
KDEPlasma Workspace5.39affected
KDEPlasma Workspace5.40affected
KDEPlasma Workspace5.41affected
KDEPlasma Workspace5.42affected
KDEPlasma Workspace5.43affected
KDEPlasma Workspace5.44affected
KDEPlasma Workspace5.45affected
KDEPlasma Workspace5.46affected
KDEPlasma Workspace5.47affected
KDEPlasma Workspace5.48affected
KDEPlasma Workspace5.49affected
KDEPlasma Workspace5.50affected
KDEPlasma Workspace5.51affected
KDEPlasma Workspace5.52affected
KDEPlasma Workspace5.53affected
KDEPlasma Workspace5.54affected
KDEPlasma Workspace5.55affected
KDEPlasma Workspace5.56affected
KDEPlasma Workspace5.57affected
KDEPlasma Workspace5.58affected
KDEPlasma Workspace5.59affected
KDEPlasma Workspace5.60affected
KDEPlasma Workspace5.61affected
KDEPlasma Workspace5.62affected
KDEPlasma Workspace5.63affected
KDEPlasma Workspace5.64affected
KDEPlasma Workspace5.65affected
KDEPlasma Workspace5.66affected
KDEPlasma Workspace5.67affected
KDEPlasma Workspace5.68affected
KDEPlasma Workspace5.69affected
KDEPlasma Workspace5.70affected
KDEPlasma Workspace5.71affected
KDEPlasma Workspace5.72affected
KDEPlasma Workspace5.73affected
KDEPlasma Workspace5.74affected
KDEPlasma Workspace5.75affected
KDEPlasma Workspace5.76affected
KDEPlasma Workspace5.77affected
KDEPlasma Workspace5.78affected
KDEPlasma Workspace5.79affected
KDEPlasma Workspace5.80affected
KDEPlasma Workspace5.81affected
KDEPlasma Workspace5.82affected
KDEPlasma Workspace5.83affected
KDEPlasma Workspace5.84affected
KDEPlasma Workspace5.85affected
KDEPlasma Workspace5.86affected
KDEPlasma Workspace5.87affected
KDEPlasma Workspace5.88affected
KDEPlasma Workspace5.89affected
KDEPlasma Workspace5.90affected
KDEPlasma Workspace5.91affected
KDEPlasma Workspace5.92affected
KDEPlasma Workspace5.93affected

Weaknesses

  • CWE-22: CWE-22 Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References