CVE-2022-39835

medium

Description

An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.

References

https://dev.gajim.org/gajim/gajim/-/tags

https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog

Details

Source: Mitre, NVD

Published: 2022-09-27

Updated: 2022-09-28

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N