CVE-2021-32917
Description
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
3.348
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| prosody security update(DSA-4916-1) prosody_0.11.2-1+deb10u1_amd64.deb | Linux |
| prosody security update(DSA-4916-1) prosody_0.11.2-1+deb10u1_i386.deb | Linux |
| prosody security update(DSA-4916-1) Debian_prosody_0.11.2-1+deb10u1_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234