Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistRedhatCVELIST:CVE-2018-10847
HistoryJul 30, 2018 - 4:00 p.m.

CVE-2018-10847

2018-07-3016:00:00
CWE-592
redhat
www.cve.org
5

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

59.1%

JSON

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.

CNA Affected

[
  {
    "product": "prosody",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "0.10.2"
      },
      {
        "status": "affected",
        "version": "0.9.14"
      }
    ]
  }
]

Related

suse 2
alpinelinux 1
nessus 7
ubuntucve 1
prion 1
fedora 2
openvas 6
ubuntu 1
debian 2
osv 2
nvd 1
debiancve 1
cve 1
suse
suse
Security update for prosody (moderate)
2018-06-09 15:13:07
Security update for prosody (moderate)
2018-06-09 15:11:02
alpinelinux
alpinelinux
CVE-2018-10847
2018-07-30 17:29:00
nessus
nessus
Ubuntu 18.04 ESM : Prosody vulnerability (USN-4834-1)
2023-10-16 00:00:00
Fedora 28 : prosody (2018-18f8c6ce79)
2019-01-03 00:00:00
openSUSE Security Update : prosody (openSUSE-2019-414)
2019-03-27 00:00:00
ubuntucve
ubuntucve
CVE-2018-10847
2018-07-30 00:00:00
prion
prion
Authentication flaw
2018-07-30 17:29:00
fedora
fedora
[SECURITY] Fedora 27 Update: prosody-0.10.2-1.fc27
2018-06-09 19:47:41
[SECURITY] Fedora 28 Update: prosody-0.10.2-1.fc28
2018-06-09 20:44:17
openvas
openvas
Ubuntu: Security Advisory (USN-4834-1)
2023-01-27 00:00:00
Fedora Update for prosody FEDORA-2018-18f8c6ce79
2018-06-10 00:00:00
Fedora Update for prosody FEDORA-2018-455803056d
2018-06-10 00:00:00
ubuntu
ubuntu
Prosody vulnerability
2021-03-15 00:00:00
debian
debian
[SECURITY] [DSA 4216-1] prosody security update
2018-06-02 18:56:21
[SECURITY] [DSA 4216-1] prosody security update
2018-06-02 18:56:21
osv
osv
prosody vulnerability
2021-03-15 22:17:53
prosody - security update
2018-06-02 00:00:00
nvd
nvd
CVE-2018-10847
2018-07-30 17:29:00
debiancve
debiancve
CVE-2018-10847
2018-07-30 17:29:00
cve
cve
CVE-2018-10847
2018-07-30 17:29:00

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

59.1%

JSON
Related for CVELIST:CVE-2018-10847
suse2alpinelinux1nessus7ubuntucve1prion1fedora2openvas6ubuntu1debian2osv2nvd1debiancve1cve1