** Description changed:
+ === Impact ===
+ When a user disables "Automatically share the clipboard from this device" in
KDE Connect settings, the current clipboard content is still sent to a paired
phone after the PC disconnects and reconnects (e.g., WiFi drop/reconnect). This
violates the user's explicit privacy preference — the clipboard leaks to their
device without consent during the reconnection handshake. This is a
low-severity privacy concern since data goes only to an already-paired device,
but it undermines user trust in the autoshare setting.
+
+ === Test Case ===
+ 1. Install kdeconnect: sudo apt install kdeconnect
+ 2. Disable "Automatically share the clipboard from this device" in KDE
Connect system settings
+ 3. Pair phone with PC via KDE Connect
+ 4. Disconnect PC from WiFi (or turn off WiFi), wait for KDE Connect to
disappear from systray
+ 5. Copy some text on the PC
+ 6. Reconnect to WiFi and refresh the pairing screen on phone to trigger
reconnection
+ 7. Verify: clipboard content is NOT sent to phone (reproducer passes)
+ 8. After applying update: repeat steps 4-7 — clipboard still should NOT be
sent (verification passes)
+ 9. After applying update: re-enable autoshare, disconnect/reconnect again —
verify normal clipboard sharing works correctly (regression check)
+
+ === Where Problems Could Occur ===
+ - If autoShare config is not loaded before sendConnectPacket() is called
during reconnection, the guard may use a stale/default value. However, the
constructor already calls configChanged() which initializes autoShare from
config, so this risk is minimal.
+ - Password sharing: if sharePasswords is false and clipboard contains
passwords, the guard returns early. This could break expected behavior for
users who have explicitly enabled password sharing — but only if they also
disabled general autoshare (which is an unusual configuration). The logic
mirrors that in clipboardChanged() exactly.
+ - No changes to any other code path: normal clipboard sharing when autoshare
IS enabled is completely unchanged, so regression risk is very low.
+
+ === Original Description ===
+
Repro steps copied from upstream bug report:
https://bugs.kde.org/show_bug.cgi?id=476551
---
STEPS TO REPRODUCE
1. Disable clipboard autoshare from pc.
2. Connect phone and pc.
3. Open KDE Connect pair new device screen on phone.
4. Disconnect pc from WiFi and wait until KDE Connect disappears from systray.
5. Copy some text.
6. Connect to WiFi and refresh pair new device screen on phone to reconnect.
OBSERVED RESULT
Clipboard is sent to phone.
EXPECTED RESULT
Clipboard not sent to phone.
---
I can confirm this issue on a fully updated Kubuntu 24.04, with the
"Automatically share the clipboard from this device" option disabled.
Furthermore, I tested a simpler version of the fix from
https://invent.kde.org/network/kdeconnect-kde/-/merge_requests/661 on my
machine and it indeed solves the issue.
Not sure if this is a security issue, certainly not a big one, since
it's still your own device.
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: kdeconnect 23.08.5-0ubuntu5
ProcVersionSignature: Ubuntu 6.8.0-110.110-generic 6.8.12
Uname: Linux 6.8.0-110-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.28.1-0ubuntu3.8
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: KDE
Date: Wed Apr 22 12:03:31 2026
InstallationDate: Installed on 2023-07-05 (1022 days ago)
InstallationMedia: Kubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64
(20230223)
SourcePackage: kdeconnect
UpgradeStatus: Upgraded to noble on 2025-04-02 (385 days ago)
** Changed in: kdeconnect (Ubuntu)
Status: New => Triaged
** Changed in: kdeconnect (Ubuntu)
Importance: Undecided => Medium
** Changed in: kdeconnect (Ubuntu)
Milestone: None => noble-updates
** Summary changed:
- Clipboard is sent to phone when reconnecting after disabling clipboard
autoshare (KDE bug 476551)
+ [SRU] Clipboard is sent to phone when reconnecting after disabling clipboard
autoshare (KDE bug 476551)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2149895
Title:
[SRU] Clipboard is sent to phone when reconnecting after disabling
clipboard autoshare (KDE bug 476551)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kdeconnect/+bug/2149895/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
