CVE-2021-37601

Published: 30/07/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

muc.lib.lua in Prosody 0.11.0 up to and including 0.11.9 allows remote malicious users to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.

Vulnerable Product

prosody prosody

Vendor Advisories

It was discovered that Prosody 0.11.0 up to 0.11.9 exposes the list of entities (Jabber/XMPP addresses) affiliated (part of) a Multi-User chat to any user, even if they are currently not part of the chat or if their affiliation would not let them become part of the chat, if the whois room configuration was set to anyone. This allows any entity to a ...

Mailing Lists

oss-sec mailing list archives: Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE Request) ...