Lucene search

PRIOn knowledge basePRION:CVE-2017-5603

HistoryFeb 09, 2017 - 8:59 p.m.

Design/Logic Flaw

2017-02-0920:59:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

An incorrect implementation of “XEP-0280: Message Carbons” in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application’s display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544.

CPENameOperatorVersion
jitsieq2.9.5544
jitsieq2.5.5061

CPE	Name	Operator	Version
	jitsi	eq	2.9.5544
	jitsi	eq	2.5.5061

References

openwall.com/lists/oss-security/2017/02/09/29

www.securityfocus.com/bid/96174

github.com/jitsi/jitsi/commit/7d66da61b316c9480b63000f831b6de723b87315

rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/

rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf