Description
Improper Certificate Validation in Twisted
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-12855
- https://github.com/twisted/twisted/pull/1147
- https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-129.yaml
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
- https://twistedmatrix.com/trac/ticket/9561
- https://usn.ubuntu.com/4308-1
- https://usn.ubuntu.com/4308-2
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
Packages
- Twisted: affected versions < 19.7.0rc1; fixed in 19.7.0rc1
Related vulnerabilities
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.