CVE-2019-12855

CVSS v4.0

9.1

Critical

Vector

AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Twisted versions through 19.2.1

Description: The issue is related to the XMPP support in the words.protocols.jabber.xmlstream module of the Twisted network framework, which did not verify certificates when used with TLS. This allows an attacker to perform a man-in-the-middle (MITM) attack on connections. The vulnerability can be exploited by a remote attacker to intercept and manipulate data.

Recommendations: For Twisted versions through 19.2.1, update to a version that verifies certificates when using TLS to prevent MITM attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

AZL-6818

BDU:2020-02755

CVE-2019-12855

GHSA-65RM-H285-5CC5

MGASA-2019-0360

OPENSUSE-SU-2019:2068-1

OPENSUSE-SU-2019:2110-1

OPENSUSE-SU-2019_2068-1

OPENSUSE-SU-2024:11212-1

PYSEC-2019-129

SUSE-SU-2019:2212-1

SUSE-SU-2019:2453-1

SUSE-SU-2019_2212-1

SUSE-SU-2019_2453-1

USN-4308-1

USN-4308-2

Affected Products

Astra Linux

Suse

Twisted

Ubuntu

CVE-2019-12855

Weakness Enumeration

Related Identifiers

Affected Products

References · 54