[kde] [Bug 509895] New: Encrypted vault data leak in recent items

Wed Sep 24 22:01:16 BST 2025

https://bugs.kde.org/show_bug.cgi?id=509895

            Bug ID: 509895
           Summary: Encrypted vault data leak in recent items
    Classification: I don't know
           Product: kde
      Version First unspecified
       Reported In:
          Platform: Ubuntu
                OS: Linux
            Status: REPORTED
          Severity: major
          Priority: NOR
         Component: general
          Assignee: unassigned-bugs at kde.org
          Reporter: wuzahman at gmail.com
  Target Milestone: ---

SUMMARY
When accessing files from inside kde plasma vault a link is created to them in
the recent files, same for folders inside the vault. When closing the vault
these files change nsme to -0 or -1 but hovering over them in the file manager
shows they still link to a file inside of the vault, and while that file is mo
longer accessible it's name is saved in the recent files link. This is a
confidentiality problem. 

STEPS TO REPRODUCE
1.  Open vault and access files
2.  Close vault
3.  Open recent files folder and find files named -0 -1 etc

OBSERVED RESULT
-0 ( Points to ~/Vaults/vaultname/filename_inside_vault) 

EXPECTED RESULT
Links from recent files should be deleted when vault is locked, or not saved
there in the first place 

SOFTWARE/OS VERSIONS
(available in the Info Center app, or by running `kinfo` in a terminal window)
Linux/KDE Plasma: Ubuntu 24.04
KDE Plasma Version: 5.27.12
KDE Frameworks Version: 5.115.0
Qt Version: 5.15.3

ADDITIONAL INFORMATION

-- 
You are receiving this mail because:
You are the assignee for the bug.