Your submission was sent successfully! Close

CVE-2021-37601

Published: 30 July 2021

muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
prosody
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Not vulnerable
(0.11.9-2)
jammy Not vulnerable
(0.11.9-2)
trusty Does not exist

upstream
Released (0.11.9-2)
xenial Ignored
(out of standard support)