Description

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard.

INFO

Published Date :

2024-10-27T00:00:00.000Z

Last Modified :

2025-05-31T08:03:29.146Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-50624 vulnerability.

Vendors Products
Kde
  • Kmail
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50624.

URL Resource
https://bugs.kde.org/show_bug.cgi?id=487882 cve-icon cve-icon
https://invent.kde.org/pim/kmail-account-wizard/-/commit/9784f5ab41c3aff435d4a88afb25585180a62ee4 cve-icon cve-icon
https://invent.kde.org/pim/kmail/-/tags cve-icon cve-icon
https://kde.org/announcements/megarelease/6/ cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/05/msg00048.html cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact