EPSS Percentile: 78.1%
It was found that Gajim doesn’t verify the origin of roster pushes, thus allowing third parties to modify the roster. This vulnerability allows an attacker to intercept messages, resulting in a man-in-the-middle attack.
gultsch.de/gajim_roster_push_and_message_interception.html
access.redhat.com/security/cve/CVE-2015-8688
bugs.archlinux.org/task/47647