Description
Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim.
References
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 4.9 (excluding)
cpe:2.3:a:monal:monal:*:*:*:*:*:iphone_os:*:*
EPSS
Percentile: 43%
0.00207
Low
CVSS3: 9.8 Critical
CVSS2: 5 Medium
Weaknesses
CWE-345
Related vulnerabilities
github
more than 3 years ago
Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim.