7.5

CVE-2023-38688

EPSS 0.55%
Veröffentlicht 04.08.2023 17:15:10
Zuletzt bearbeitet 21.11.2024 08:14:03
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xithrius ≫ Twitch-tui SwPlatformrust Version <= 2.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.55%	0.671

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23

Product

https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a

Patch

https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-38688

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38688

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38688

EUVD