VDB
CVE-2021-32917
CVE-2021-32917
PUBLISHED
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.
EPSS 4.41% · 89.2th percentile
Risk Scores
EPSS Score
4.41%
89.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | prosody | 0.11.4-1, 0, 0.11.2-1 |
| Ubuntu:22.04:LTS | prosody | 0.11.11-2, 0.11.12-1, 0.11.11-1 |
| Ubuntu:Pro:18.04:LTS | prosody | 0, 0.10.0-1ubuntu0.1~esm1, 0.10.0-1 |
| Ubuntu:16.04:LTS | prosody | 0, 0.9.8-1, 0.9.9-1 |
Timeline
- May 13, 2021 CVE Published
- May 14, 2021 EPSS Score
- Jun 19, 2021 EPSS Score
- Jun 24, 2021 EPSS Score
- Sep 16, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 17, 2022 EPSS Score
- Mar 20, 2022 EPSS Score
- May 21, 2022 EPSS Score
- Jul 22, 2022 EPSS Score
- Nov 23, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-32917 third-party-advisory
- https://www.openwall.com/lists/oss-security/2021/05/13/1 third-party-advisory
- https://prosody.im/security/advisory_20210512.txt third-party-advisory
- https://hg.prosody.im/trunk/rev/65dcc175ef5b third-party-advisory
- https://blog.prosody.im/prosody-0.11.9-released/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-32917 third-party-advisory