MidnightBSD

Advisories for poezio

CVE-2017-5591 MEDIUM

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-346,

Products Affected

Vendor Product Version
poezio poezio 0.9
poezio poezio 0.10
sleekxmpp_project sleekxmpp *
poezio poezio 0.8.1
poezio poezio 0.8
slixmpp_project slixmpp *