CVE-2021-37601

Опубликовано: 30 июл. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.

Ссылки

http://www.openwall.com/lists/oss-security/2021/07/28/4
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BZRRPCNOETB4MN4XSYPRBBKDIHO27DY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMKIOEP2CYWHVVUCNWISPE4AGH4IR7O2/
https://prosody.im/
Exploit
Product
https://prosody.im/security/advisory_20210722/
Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/07/28/4
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BZRRPCNOETB4MN4XSYPRBBKDIHO27DY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMKIOEP2CYWHVVUCNWISPE4AGH4IR7O2/
https://prosody.im/
Exploit
Product
https://prosody.im/security/advisory_20210722/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*

Версия от 0.11.0 (включая) до 0.11.9 (включая)

EPSS

Процентиль: 71%

0.00671

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2021-37601

CVSS3: 7.5

ubuntu

больше 4 лет назад

CVE-2021-37601

CVSS3: 7.5

debian

больше 4 лет назад

muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers t ...

openSUSE-SU-2021:1173-1

suse-cvrf

больше 4 лет назад

Security update for prosody

GHSA-h6g2-mc2x-j8wm

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 71%

0.00671

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other