Vulnerability Name: | CVE-2021-37601 (CCN-206117) | ||||||||||||||||||||
Assigned: | 2021-07-22 | ||||||||||||||||||||
Published: | 2021-07-22 | ||||||||||||||||||||
Updated: | 2022-07-12 | ||||||||||||||||||||
Summary: | muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations. | ||||||||||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:R)
6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:R)
| ||||||||||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-37601 Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20210728 Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE-2021-37601) Source: XF Type: UNKNOWN prosody-multiuserchat-info-disc(206117) Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-fe9513e089 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-1d574ae400 Source: CCN Type: Prosody Web site Prosody Source: MISC Type: Exploit, Product https://prosody.im/ Source: MISC Type: Vendor Advisory https://prosody.im/security/advisory_20210722/ Source: CCN Type: oss-sec Mailing List, Thu, 22 Jul 2021 17:03:36 +0200 Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request) | ||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
BACK |