7.5

CVE-2023-38688

EPSS 0.55%
Published 04.08.2023 17:15:10
Last modified 21.11.2024 08:14:03
Source security-advisories@github.com
Teams watchlist Login
Open Login

twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Xithrius ≫ Twitch-tui SwPlatformrust Version <= 2.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.55%	0.671

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23

Product

https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a

Patch

https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-38688

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38688

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38688

EUVD