How severe is CVE-2024-1433?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-1433?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-1433 - LOW Severity | CVSS 3.7

Vulnerability Description

A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes.

Related Vulnerabilities

CVE-2016-4323

LOW

CVSS:3.7(Low)

A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or s...

CWE-222016

CVE-2023-40160

LOW

CVSS:3.7(Low)

Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker ma...

CWE-222023

CVE-2024-42408

MEDIUM

CVSS:3.7(Low)

The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure.

CWE-222024

CVE-2025-32943

LOW

CVSS:3.7(Low)

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.

CWE-222025

CVE-2021-24242

LOW

CVSS:3.8(Low)

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plu...

CWE-222021

CVE-2022-27621

LOW

CVSS:3.8(Low)

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or wri...

CWE-222022