Jonas Schäfer

**Name of the Vulnerable Software and Affected Versions** Prosody versions 0.11.0 through 0.11.9 **Description** The issue allows remote attackers to obtain sensitive information, including the list of admins, members, owners, and banned entities of a Multi-User chat room, in some common configurations. This is due to a problem in the muc.lib.lua module. **Recommendations** For Prosody versions 0.11.0 through 0.11.9, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the muc.lib.lua module to minimize the risk of exploitation.