CVE-2023-38688

Опубликовано: 04 авг. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.

Ссылки

https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23
Product
https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a
Patch
https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx
Vendor Advisory
https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23
Product
https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a
Patch
https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xithrius:twitch-tui:*:*:*:*:*:rust:*:*

Версия до 2.4.0 (включая)

EPSS

Процентиль: 70%

0.00643

Низкий

7.5 High

CVSS3

Дефекты

CWE-311

Связанные уязвимости

GHSA-779w-xvpm-78jx