7.5
CVE-2022-45197
- EPSS 0.47%
- Published 25.12.2022 05:15:11
- Last modified 14.04.2025 19:15:32
- Source cve@mitre.org
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
Data provided by the National Vulnerability Database (NVD)
Slixmpp Project ≫ Slixmpp Version < 1.8.3
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.369 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py
https://github.com/poezio/slixmpp/tags
https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa
https://lab.louiz.org/poezio/slixmpp/-/commits/master
https://security.gentoo.org/glsa/202305-07