CVE-2021-38373 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
Group Package Affected Fixed Severity Status Ticket
AVG-2274 kmail 21.08.2-1 Medium Vulnerable
References
https://bugs.kde.org/show_bug.cgi?id=423423
https://nostarttls.secvuln.info/
https://invent.kde.org/pim/ksmtp/-/merge_requests/8
https://invent.kde.org/pim/ksmtp/-/commit/60f73c69758fe40a027a8e7402127d085f18545a