CVE-2024-1433

Summary

CVE-2024-1433 is a problematic vulnerability affecting KDE Plasma Workspace versions up to 5.93.0. The issue lies within the EventPluginsManager::enabledPlugins function of the file components/calendar/eventpluginsmanager.cpp in the Theme File Handler component. An attacker can manipulate the pluginId argument, leading to a path traversal vulnerability. This vulnerability can be exploited remotely, but the complexity and difficulty of an attack are relatively high. A patch with the identifier 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01 is available to address this issue. However, note that this vulnerability can only be exploited with write access to a user's home or the installation of third-party global themes.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.