kde-workspace is vulnerable to information disclosure. It does not sanitize the notifications, allowing to leak client IP address via IMG element.
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
access.redhat.com/errata/RHSA-2019:2141
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1579764
bugzilla.redhat.com/show_bug.cgi?id=1611762
bugzilla.redhat.com/show_bug.cgi?id=1619362
cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938
phabricator.kde.org/D10188
www.kde.org/announcements/plasma-5.11.5-5.12.0-changelog.php