Lucene search
Veracode Vulnerability DatabaseVERACODE:13316HistoryFeb 07, 2019 - 6:18 a.m.
Access Control Bypass
2019-02-0706:18:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.002 Low
EPSS
Percentile
62.2%
slixmpp is vulnerable to access control bypass. The vulnerability exists because the default permissions for persistent storage of private data on a PEP node is not set properly, disclosing private data that have been published to a PEP node to all the contacts of the victim.
References
lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
lists.fedoraproject.org/archives/list/[email protected]/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT/
lists.fedoraproject.org/archives/list/[email protected]/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR/
xmpp.org/extensions/xep-0223.html#howitworks
Related
fedora
fedora
[SECURITY] Fedora 29 Update: python-slixmpp-1.4.2-1.fc29
2019-09-03 02:02:15
[SECURITY] Fedora 30 Update: python-slixmpp-1.4.2-1.fc30
2019-09-03 01:03:53
osv
osv
CVE-2019-1000021
2019-02-04 21:29:01
slixmpp Incorrect Access Control
2022-05-13 01:21:42
PYSEC-2019-121
2019-02-04 21:29:00
freebsd
freebsd
slixmpp -- improper access control
2019-02-04 00:00:00
openvas
openvas
Fedora Update for python-slixmpp FEDORA-2019-5a947d8603
2019-09-04 00:00:00
Fedora Update for python-slixmpp FEDORA-2019-f40c49b99e
2019-09-04 00:00:00
openSUSE: Security Advisory for python-slixmpp (openSUSE-SU-2019:0163-1)
2019-02-14 00:00:00
suse
suse
Security update for python-slixmpp (low)
2019-02-13 00:00:00
Security update for python-slixmpp (low)
2019-02-13 00:00:00
ubuntucve
ubuntucve
CVE-2019-1000021
2019-02-04 00:00:00
prion
prion
Improper access control
2019-02-04 21:29:00
nessus
nessus
openSUSE Security Update : python-slixmpp (openSUSE-2019-163)
2019-02-14 00:00:00
Fedora 30 : python-slixmpp (2019-f40c49b99e)
2019-09-03 00:00:00
Fedora 29 : python-slixmpp (2019-5a947d8603)
2019-09-03 00:00:00
cvelist
cvelist
CVE-2019-1000021
2019-02-04 21:00:00
cve
cve
CVE-2019-1000021
2019-02-04 21:29:01
debiancve
debiancve
CVE-2019-1000021
2019-02-04 21:29:01
nvd
nvd
CVE-2019-1000021
2019-02-04 21:29:01
github
github
slixmpp Incorrect Access Control
2022-05-13 01:21:42