Vulnerability Details CVE-2021-32917
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.05
EPSS Ranking 89.2%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2021/05/13/1
- http://www.openwall.com/lists/oss-security/2021/05/14/2
- https://blog.prosody.im/prosody-0.11.9-released/
- https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/
- https://security.gentoo.org/glsa/202105-15
- https://www.debian.org/security/2021/dsa-4916
- http://www.openwall.com/lists/oss-security/2021/05/13/1
- http://www.openwall.com/lists/oss-security/2021/05/14/2
- https://blog.prosody.im/prosody-0.11.9-released/
- https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/
- https://security.gentoo.org/glsa/202105-15
- https://www.debian.org/security/2021/dsa-4916
Products affected by CVE-2021-32917
-
cpe:2.3:a:prosody:prosody:-
-
cpe:2.3:a:prosody:prosody:0.1.0
-
cpe:2.3:a:prosody:prosody:0.10.0
-
cpe:2.3:a:prosody:prosody:0.10.1
-
cpe:2.3:a:prosody:prosody:0.10.2
-
cpe:2.3:a:prosody:prosody:0.10.3
-
cpe:2.3:a:prosody:prosody:0.11.0
-
cpe:2.3:a:prosody:prosody:0.11.1
-
cpe:2.3:a:prosody:prosody:0.11.2
-
cpe:2.3:a:prosody:prosody:0.11.3
-
cpe:2.3:a:prosody:prosody:0.11.4
-
cpe:2.3:a:prosody:prosody:0.11.5
-
cpe:2.3:a:prosody:prosody:0.11.6
-
cpe:2.3:a:prosody:prosody:0.11.7
-
cpe:2.3:a:prosody:prosody:0.11.8
-
cpe:2.3:a:prosody:prosody:0.2.0
-
cpe:2.3:a:prosody:prosody:0.3.0
-
cpe:2.3:a:prosody:prosody:0.4.0
-
cpe:2.3:a:prosody:prosody:0.4.1
-
cpe:2.3:a:prosody:prosody:0.4.2
-
cpe:2.3:a:prosody:prosody:0.5.0
-
cpe:2.3:a:prosody:prosody:0.5.1
-
cpe:2.3:a:prosody:prosody:0.5.2
-
cpe:2.3:a:prosody:prosody:0.6.0
-
cpe:2.3:a:prosody:prosody:0.6.1
-
cpe:2.3:a:prosody:prosody:0.6.2
-
cpe:2.3:a:prosody:prosody:0.7.0
-
cpe:2.3:a:prosody:prosody:0.8.0
-
cpe:2.3:a:prosody:prosody:0.8.1
-
cpe:2.3:a:prosody:prosody:0.8.2
-
cpe:2.3:a:prosody:prosody:0.9.0
-
cpe:2.3:a:prosody:prosody:0.9.1
-
cpe:2.3:a:prosody:prosody:0.9.10
-
cpe:2.3:a:prosody:prosody:0.9.11
-
cpe:2.3:a:prosody:prosody:0.9.12
-
cpe:2.3:a:prosody:prosody:0.9.13
-
cpe:2.3:a:prosody:prosody:0.9.14
-
cpe:2.3:a:prosody:prosody:0.9.2
-
cpe:2.3:a:prosody:prosody:0.9.3
-
cpe:2.3:a:prosody:prosody:0.9.4
-
cpe:2.3:a:prosody:prosody:0.9.5
-
cpe:2.3:a:prosody:prosody:0.9.6
-
cpe:2.3:a:prosody:prosody:0.9.7
-
cpe:2.3:a:prosody:prosody:0.9.8
-
cpe:2.3:a:prosody:prosody:0.9.9
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:fedoraproject:fedora:33
-
cpe:2.3:o:fedoraproject:fedora:34