CVE-2023-38688

EPSS 0.43%
Veröffentlicht 04.08.2023 17:15:10
Zuletzt bearbeitet 21.11.2024 08:14:03
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

twitch-tui's connection is not encrypted

twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xithrius ≫ Twitch-tui SwPlatformrust Version <= 2.4.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.34

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23

Product

https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a

Patch

https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-38688

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38688

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38688

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-38688