PT-2013-1087 · Free Software Foundation · Telepathy Gabble

Published: 2013-06-18 · Updated: 2024-06-15 · CVE-2013-1431

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Telepathy Gabble versions prior to 0.16.6
Telepathy Gabble versions 0.17.x prior to 0.17.4

Description

The issue allows remote attackers to bypass TLS verification, potentially leading to man-in-the-middle attacks when connecting to a "legacy Jabber server". This could compromise the confidentiality, integrity, and availability of protected information. The issue can be exploited remotely.

Recommendations

For Telepathy Gabble versions prior to 0.16.6, update to version 0.16.6 or later.
For Telepathy Gabble versions 0.17.x prior to 0.17.4, update to version 0.17.4 or later.
As a temporary workaround, consider restricting access to the Wocky module until a patch is available.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2015-02882
CVE-2013-1431
DSA-2702-1
MGASA-2013-0170
OPENSUSE-SU-2024:10079-1

Affected Products

Telepathy Gabble