Upstream information
Description
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
SUSE Bugzilla entry: 1232454 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Mon Oct 28 02:00:12 2024CVE page last modified: Mon Oct 28 19:58:30 2024