CVE-2021-38373 - log

CVE-2021-38373 edited at 18 Nov 2021 12:45:52
References
https://nostarttls.secvuln.info/
+ https://kde.org/info/security/advisory-20211118-1.txt
https://bugs.kde.org/show_bug.cgi?id=423423
https://invent.kde.org/pim/ksmtp/-/commit/b33f06397ea2f02ebfa26b77862fcb7164b4ba0c
https://invent.kde.org/pim/ksmtp/-/commit/38a4c09427f3fdc04f9893f8eda3f6807d9a3203
https://invent.kde.org/pim/ksmtp/-/commit/60f73c69758fe40a027a8e7402127d085f18545a
https://invent.kde.org/pim/ksmtp/-/commit/77a366023715745a0677a93b6e3cb69856f8f299
https://invent.kde.org/pim/ksmtp/-/commit/5d96c216281b88e1ceb2f6e7fc8b68c593674251
https://invent.kde.org/pim/kmailtransport/-/commit/b49ee72009620f152aaab1f592704e56e3be01f5
CVE-2021-38373 edited at 18 Nov 2021 12:41:06
Severity
- Medium
+ Low
Type
- Information disclosure
+ Silent downgrade
References
+ https://nostarttls.secvuln.info/
https://bugs.kde.org/show_bug.cgi?id=423423
- https://nostarttls.secvuln.info/
- https://invent.kde.org/pim/ksmtp/-/merge_requests/8
+ https://invent.kde.org/pim/ksmtp/-/commit/b33f06397ea2f02ebfa26b77862fcb7164b4ba0c
+ https://invent.kde.org/pim/ksmtp/-/commit/38a4c09427f3fdc04f9893f8eda3f6807d9a3203
https://invent.kde.org/pim/ksmtp/-/commit/60f73c69758fe40a027a8e7402127d085f18545a
+ https://invent.kde.org/pim/ksmtp/-/commit/77a366023715745a0677a93b6e3cb69856f8f299
+ https://invent.kde.org/pim/ksmtp/-/commit/5d96c216281b88e1ceb2f6e7fc8b68c593674251
+ https://invent.kde.org/pim/kmailtransport/-/commit/b49ee72009620f152aaab1f592704e56e3be01f5
CVE-2021-38373 edited at 07 Oct 2021 12:10:06
References
https://bugs.kde.org/show_bug.cgi?id=423423
https://nostarttls.secvuln.info/
+ https://invent.kde.org/pim/ksmtp/-/merge_requests/8
+ https://invent.kde.org/pim/ksmtp/-/commit/60f73c69758fe40a027a8e7402127d085f18545a
CVE-2021-38373 edited at 10 Aug 2021 16:27:43
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
References
+ https://bugs.kde.org/show_bug.cgi?id=423423
+ https://nostarttls.secvuln.info/
CVE-2021-38373 created at 10 Aug 2021 16:26:52
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes