CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
77.8%
KDE Security Advisory reports:
The default rendering type for a QLabel is QLabel::AutoText,
which uses heuristics to determine whether to render the given
content as plain text or rich text. KSSL and Rekonq did not
properly force its QLabels to use QLabel::PlainText. As a result,
if given a certificate containing rich text in its fields, they
would render the rich text. Specifically, a certificate
containing a common name (CN) that has a table element will cause
the second line of the table to be displayed. This can allow
spoofing of the certificate’s common name.