{"id":"CVE-2018-6790","details":"An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.","modified":"2026-05-30T13:04:27.632881Z","published":"2018-02-07T02:29:01.373Z","related":["openSUSE-SU-2018:0397-1","openSUSE-SU-2018:0398-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2141"},{"type":"ADVISORY","url":"https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c"},{"type":"ADVISORY","url":"https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938"},{"type":"ADVISORY","url":"https://www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php"},{"type":"REPORT","url":"https://phabricator.kde.org/D10188"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kde/plasma-workspace","events":[{"introduced":"0"},{"fixed":"a012581b3f31e897453edd2c935f8b056b0dc461"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"5.12.0"}],"source":"CPE_RANGE","cpe":"cpe:2.3:a:kde:plasma-workspace:*:*:*:*:*:*:*:*"}}],"versions":["v5.11.95","v5.9.95","v5.8.95","v5.7.95","v5.5.95","v5.5.4","v5.5.3","v5.5.2","v5.5.1","v5.5.0","v5.4.95","v5.3.95","v5.2.95","v5.1.95","v5.0.95","v5.0.0","v4.98.0","v4.97.0","v4.96.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6790.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}