A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function
EventPluginsManager::enabledPlugins
of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal.
This vulnerability is uniquely identified as CVE-2024-1433. It is possible to initiate the attack remotely. There is no exploit available.
This requires write access to user’s home or the installation of third party global themes.
It is recommended to apply a patch to fix this issue.