CVE-2021-32917
Published: 13 May 2021
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.
Priority
Status
Package | Release | Status |
---|---|---|
prosody Launchpad, Ubuntu, Debian |
bionic |
Needed
|
focal |
Needed
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needed
|
|
kinetic |
Ignored
(end of life, was needed)
|
|
lunar |
Not vulnerable
(0.12.1-1)
|
|
mantic |
Not vulnerable
(0.12.1-1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(0.11.9)
|
|
xenial |
Needs triage
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | Low |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |