CVE-2022-45197

Опубликовано: 25 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

Ссылки

https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py
Patch
Third Party Advisory
https://github.com/poezio/slixmpp/tags
Third Party Advisory
https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa
Patch
Third Party Advisory
https://lab.louiz.org/poezio/slixmpp/-/commits/master
Patch
Third Party Advisory
https://security.gentoo.org/glsa/202305-07
https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py
Patch
Third Party Advisory
https://github.com/poezio/slixmpp/tags
Third Party Advisory
https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa
Patch
Third Party Advisory
https://lab.louiz.org/poezio/slixmpp/-/commits/master
Patch
Third Party Advisory
https://security.gentoo.org/glsa/202305-07

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:slixmpp_project:slixmpp:*:*:*:*:*:*:*:*

Версия до 1.8.3 (исключая)

EPSS

Процентиль: 35%

0.00146

Низкий

7.5 High

CVSS3

Дефекты

CWE-295

Связанные уязвимости

CVE-2022-45197

CVSS3: 7.5

ubuntu

около 3 лет назад

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

CVE-2022-45197

CVSS3: 7.5

debian

около 3 лет назад

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLS ...

openSUSE-SU-2022:10242-1

suse-cvrf

около 3 лет назад

Security update for python-slixmpp

openSUSE-SU-2022:10241-1

suse-cvrf

около 3 лет назад

Security update for python-slixmpp

GHSA-q6cq-m9gm-6q2f

CVSS3: 7.5

github

около 3 лет назад

Slixmpp lacks SSL Certificate hostname validation in XMLStream

EPSS

Процентиль: 35%

0.00146

Низкий

7.5 High

CVSS3

Дефекты

CWE-295