Description
In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.
References
- Vendor Advisory
- Product, Vendor Advisory
- Vendor Advisory
- Product, Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 0.18.0 (inclusive) up to 0.21.1 (exclusive)
cpe:2.3:a:mellium:xmpp:*:*:*:*:*:*:*:*
EPSS
Percentile: 40%
0.00182
Low
CVSS3: 5.9 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-295
Related vulnerabilities
CVSS3: 5.9
github
almost 4 years ago
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket