VDB
CVE-2008-3969
CVE-2008-3969
PUBLISHED
CVSS 5 MEDIUM
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.
EPSS 0.81% · 74.7th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.81%
74.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| bitlbee | bitlbee | 0 |
| fedoraproject | fedora | 8 |
Timeline
- Sep 10, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- [oss-security] 20080908 Re: CVE request for bitlbee mailing-list
- FEDORA-2008-7761 vendor-advisory
- 31342 vdb
- [oss-security] 20080909 Re: CVE request for bitlbee mailing-list
- bitlbee-multiple-unspecified-security-bypass(45132) vdb
- GLSA-200809-14 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=461424 url
- http://www.bitlbee.org/main.php/changelog.html url
- http://www.bitlbee.org/main.php/news.r.html url
- 31991 third-party-advisory
- 31690 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-3969 advisory