← voltar
CVE-2018-10847

CVE-2018-10847

CVSS 4.2 MEDIUMEPSS 1.7%CWE-592
prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Produtos afetados
[UNKNOWN] · prosody

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://blog.prosody.im/prosody-0-10-2-security-release/https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10847https://issues.prosody.im/1147https://prosody.im/security/advisory_20180531/https://www.debian.org/security/2018/dsa-4216