Lucene search
HistorySep 23, 2013 - 8:55 p.m.
CVE-2013-1431
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0.005
Percentile
76.9%
The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a “legacy Jabber server,” does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks.
Affected configurations
Node
simon_mcvittietelepathy_gabbleRange≤0.16.5
ORsimon_mcvittietelepathy_gabbleMatch0.16.0
ORsimon_mcvittietelepathy_gabbleMatch0.16.1
ORsimon_mcvittietelepathy_gabbleMatch0.16.2
ORsimon_mcvittietelepathy_gabbleMatch0.16.3
ORsimon_mcvittietelepathy_gabbleMatch0.16.4
ORsimon_mcvittietelepathy_gabbleMatch0.17.0
ORsimon_mcvittietelepathy_gabbleMatch0.17.1
ORsimon_mcvittietelepathy_gabbleMatch0.17.2
ORsimon_mcvittietelepathy_gabbleMatch0.17.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| simon_mcvittie | telepathy_gabble | * | cpe:2.3:a:simon_mcvittie:telepathy_gabble:*:*:*:*:*:*:*:* |
| simon_mcvittie | telepathy_gabble | 0.16.0 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.16.0:*:*:*:*:*:*:* |
| simon_mcvittie | telepathy_gabble | 0.16.1 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.16.1:*:*:*:*:*:*:* |
| simon_mcvittie | telepathy_gabble | 0.16.2 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.16.2:*:*:*:*:*:*:* |
| simon_mcvittie | telepathy_gabble | 0.16.3 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.16.3:*:*:*:*:*:*:* |
| simon_mcvittie | telepathy_gabble | 0.16.4 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.16.4:*:*:*:*:*:*:* |
| simon_mcvittie | telepathy_gabble | 0.17.0 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.17.0:*:*:*:*:*:*:* |
| simon_mcvittie | telepathy_gabble | 0.17.1 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.17.1:*:*:*:*:*:*:* |
| simon_mcvittie | telepathy_gabble | 0.17.2 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.17.2:*:*:*:*:*:*:* |
| simon_mcvittie | telepathy_gabble | 0.17.3 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.17.3:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2013-1431
2013-09-23 20:00:00
nessus
nessus
FreeBSD : telepathy-gabble -- TLS verification bypass (a3c2dee5-cdb9-11e2-b9ce-080027019be0)
2013-06-06 00:00:00
Fedora 18 : telepathy-gabble-0.16.6-1.fc18 (2013-9794)
2013-07-12 00:00:00
openSUSE Security Update : telepathy-gabble (openSUSE-SU-2013:1013-1)
2014-06-13 00:00:00
openvas
openvas
Fedora Update for telepathy-gabble FEDORA-2013-9794
2013-06-10 00:00:00
Debian: Security Advisory (DSA-2702-1)
2013-06-02 00:00:00
Fedora Update for telepathy-gabble FEDORA-2013-9794
2013-06-10 00:00:00
ubuntucve
ubuntucve
CVE-2013-1431
2013-05-30 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: telepathy-gabble-0.16.6-1.fc18
2013-06-09 02:25:45
cve
cve
CVE-2013-1431
2013-09-23 20:55:07
osv
osv
telepathy-gabble - TLS verification bypass
2013-06-03 00:00:00
telepathy-gabble-0.18.3-1.10 on GA media
2024-06-15 00:00:00
debian
debian
[SECURITY] [DSA 2702-1] telepathy-gabble security update
2013-06-03 18:40:47
[SECURITY] [DSA 2702-1] telepathy-gabble security update
2013-06-03 18:40:47
debiancve
debiancve
CVE-2013-1431
2013-09-23 20:55:07
freebsd
freebsd
telepathy-gabble -- TLS verification bypass
2013-05-27 00:00:00
mageia
mageia
Updated telepathy-gabble package fixes security vulnerability
2013-06-18 18:56:53
securityvulns
securityvulns
telepathy-gabbleprotection bypass
2013-06-17 00:00:00
[SECURITY] [DSA 2702-1] telepathy-gabble security update
2013-06-17 00:00:00
prion
prion
Authentication flaw
2013-09-23 20:55:00
ubuntu
ubuntu
telepathy-gabble vulnerabilities
2013-06-12 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0.005
Percentile
76.9%
Related for NVD:CVE-2013-1431