Discover fetches the description and related texts of some applications/plugins from store.kde.org. That text is displayed to the user, after turning into a clickable link any part of the text that looks like a link. This is done for any kind of link, be it smb:// nfs:// etc. when in fact it only makes sense for http/https links. Reference: https://kde.org/info/security/advisory-20210310-1.txt
Created plasma-discover tracking bugs for this issue: Affects: fedora-all [bug 1937887]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.