View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-6790 not yet assigned priority: Debian including 1 source packages (plasma-workspace), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.