Prosody: >> Mod Auth Ldap Security Vulnerabilities
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.
CVSS Score
9.8
EPSS Score
0.007
Published
2020-01-28