4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.005 Low
EPSS
Percentile
76.5%
An issue was discovered in Prosody before 0.11.9. The proxy65 component
allows open access by default, even if neither of the users has an XMPP
account on the local server, allowing unrestricted use of the serverβs
bandwidth.
blog.prosody.im/prosody-0.11.9-released/
hg.prosody.im/trunk/rev/65dcc175ef5b
launchpad.net/bugs/cve/CVE-2021-32917
nvd.nist.gov/vuln/detail/CVE-2021-32917
prosody.im/security/advisory_20210512.txt
security-tracker.debian.org/tracker/CVE-2021-32917
www.cve.org/CVERecord?id=CVE-2021-32917
www.openwall.com/lists/oss-security/2021/05/13/1
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.005 Low
EPSS
Percentile
76.5%