CVSSv3 7.1

CVE-2023-28686

Published: 24/03/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Dino prior to 0.2.3, 0.3.x prior to 0.3.2, and 0.4.x prior to 0.4.2 allows malicious users to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
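The advisory text describes the flaw as insufficient validation of who sent the message that carries a bookmark change. In XMPP, bookmarks live in the account's own PEP node (XEP-0402, `urn:xmpp:bookmarks:1`), and PEP notifications (XEP-0163) are delivered as `<message>` stanzas carrying a `pubsub#event` payload whose legitimate origin is the user's own bare JID. The following is an added example, not code from Dino or from this page, written in Python rather than Dino's Vala; it contrasts a handler that applies any bookmarks notification with one that first checks the sender against the account JID. The stanza layout follows the XEPs named above, the JIDs and room names are constructed sample data, and the exact code path and fix in Dino are assumptions not shown on this page.

```python
import xml.etree.ElementTree as ET

NS_EVENT = "http://jabber.org/protocol/pubsub#event"  # XEP-0163 PEP notification payload
NS_BOOKMARKS = "urn:xmpp:bookmarks:1"                 # XEP-0402 bookmarks node

OWN_JID = "alice@example.org"  # assumed account JID (illustrative, not from the advisory)


def bare_jid(jid: str) -> str:
    """Strip the resource and lowercase. Enough for this demo; real code needs full JID normalisation."""
    return jid.split("/", 1)[0].lower()


def parse_bookmark_event(stanza: str):
    """Return (sender, {room_jid: autojoin}) for a PEP bookmarks notification, or None otherwise."""
    msg = ET.fromstring(stanza)
    if msg.tag != "{jabber:client}message":
        return None
    items = msg.find(f"{{{NS_EVENT}}}event/{{{NS_EVENT}}}items")
    if items is None or items.get("node") != NS_BOOKMARKS:
        return None
    rooms = {}
    for item in items.findall(f"{{{NS_EVENT}}}item"):
        conf = item.find(f"{{{NS_BOOKMARKS}}}conference")
        if conf is not None:
            # autojoin='true' is what makes a client enter the room without asking the user
            rooms[item.get("id")] = conf.get("autojoin") in ("true", "1")
    return msg.get("from"), rooms


def apply_event_unchecked(store: dict, stanza: str) -> bool:
    """Vulnerable pattern: the bookmark change is applied no matter who sent the stanza."""
    parsed = parse_bookmark_event(stanza)
    if parsed is None:
        return False
    _, rooms = parsed
    store.update(rooms)
    return True


def apply_event_checked(store: dict, own_jid: str, stanza: str) -> bool:
    """Hardened pattern: only a notification from the account's own bare JID may touch the store."""
    parsed = parse_bookmark_event(stanza)
    if parsed is None:
        return False
    sender, rooms = parsed
    if sender is None or bare_jid(sender) != bare_jid(own_jid):
        return False  # drop: a bookmarks event can only originate from our own PEP service
    store.update(rooms)
    return True


def bookmark_stanza(sender: str, room: str, autojoin: bool) -> str:
    """Constructed sample notification (not captured traffic)."""
    flag = "true" if autojoin else "false"
    return (
        f"<message xmlns='jabber:client' from='{sender}' to='{OWN_JID}/desktop' type='headline'>"
        f"<event xmlns='{NS_EVENT}'><items node='{NS_BOOKMARKS}'>"
        f"<item id='{room}'><conference xmlns='{NS_BOOKMARKS}' name='Chat' autojoin='{flag}'/></item>"
        "</items></event></message>"
    )


# Constructed inputs: one genuine notification from the account itself, one crafted by a stranger.
LEGIT = bookmark_stanza(OWN_JID, "team@conference.example.org", True)
CRAFTED = bookmark_stanza("mallory@evil.example", "trap@conference.evil.example", True)


def demo() -> tuple:
    """Run both handlers over the same crafted stanza and return the resulting stores."""
    unchecked, checked = {}, {}
    apply_event_unchecked(unchecked, CRAFTED)        # stranger's room lands in the store
    apply_event_checked(checked, OWN_JID, CRAFTED)   # rejected
    apply_event_checked(checked, OWN_JID, LEGIT)     # accepted
    return unchecked, checked


if __name__ == "__main__":
    print(demo())
```

The check compares bare JIDs because PEP events are sent from the bare account JID, so a resource on the sender must not be treated as a mismatch, while any other domain or localpart must be refused. Applying the same gate to every PEP node a client consumes (avatar, nickname, OMEMO keys) is the general form of the mitigation; the bookmarks node is just the one this advisory concerns.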

Vulnerable Products

dino dino

fedoraproject fedora 36

fedoraproject fedora 37

fedoraproject fedora 38

debian debian linux 10.0

debian debian linux 11.0

debian debian linux 12.0

Vendor Advisories

Debian Bug report logs - #1033370 dino-im: Insufficient message sender validation in Dino CVE-2023-28686 Package: dino-im; Maintainer for dino-im is Debian XMPP Maintainers <pkg-xmpp-devel@lists.alioth.debian.org>; Source for dino-im is src:dino-im (PTS, buildd, popcon) Reported by: Diane Trout <diane@ghic.org> Date: ...
Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a specially crafted message. Additionally, an attacker can take advantage of this flaw to change how group chats are displayed or force a user to ...