Jump to:

CVE-2021-37601

Jump to:

CVE-2021-37601

Package prosody updated to version 0.11.10-alt1 for branch p10 in task 283231.

Published: 2021-07-30
Modified: 2024-11-21

CVE-2021-37601

muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

[oss-security] 20210728 Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE-2021-37601)
[oss-security] 20210728 Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE-2021-37601)
FEDORA-2021-fe9513e089
FEDORA-2021-fe9513e089
FEDORA-2021-1d574ae400
FEDORA-2021-1d574ae400
https://prosody.im/
https://prosody.im/
https://prosody.im/security/advisory_20210722/
https://prosody.im/security/advisory_20210722/

Version: 2.1.0

Package prosody update in p10 on 2021-08-20

ALT-PU-2021-2588-1

Closed vulnerabilities

CVE-2021-37601