7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
28.3%
The connection is not using TLS for communication
In the configuration of the irc connection, you are disabling tls which makes all communication to twitch irc servers unencrypted.
You can verify by using tcpdump/wireshark that traffic is unencrypted.
Communication can be sniffed, even auth tokens.
CPE | Name | Operator | Version |
---|---|---|---|
twitch-tui | lt | 2.4.1 |
github.com/advisories/GHSA-779w-xvpm-78jx
github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23
github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a
github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx
nvd.nist.gov/vuln/detail/CVE-2023-38688