CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
76.9%
The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a “legacy Jabber server,” does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks.
Vendor | Product | Version | CPE |
---|---|---|---|
simon_mcvittie | telepathy_gabble | * | cpe:2.3:a:simon_mcvittie:telepathy_gabble:*:*:*:*:*:*:*:* |
simon_mcvittie | telepathy_gabble | 0.16.0 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.16.0:*:*:*:*:*:*:* |
simon_mcvittie | telepathy_gabble | 0.16.1 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.16.1:*:*:*:*:*:*:* |
simon_mcvittie | telepathy_gabble | 0.16.2 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.16.2:*:*:*:*:*:*:* |
simon_mcvittie | telepathy_gabble | 0.16.3 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.16.3:*:*:*:*:*:*:* |
simon_mcvittie | telepathy_gabble | 0.16.4 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.16.4:*:*:*:*:*:*:* |
simon_mcvittie | telepathy_gabble | 0.17.0 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.17.0:*:*:*:*:*:*:* |
simon_mcvittie | telepathy_gabble | 0.17.1 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.17.1:*:*:*:*:*:*:* |
simon_mcvittie | telepathy_gabble | 0.17.2 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.17.2:*:*:*:*:*:*:* |
simon_mcvittie | telepathy_gabble | 0.17.3 | cpe:2.3:a:simon_mcvittie:telepathy_gabble:0.17.3:*:*:*:*:*:*:* |