Vulnerability Description
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prosody | Prosody | >= 0.11.0, <= 0.11.9 |
References
- http://www.openwall.com/lists/oss-security/2021/07/28/4Mailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://prosody.im/ExploitProduct
- https://prosody.im/security/advisory_20210722/Vendor Advisory
- http://www.openwall.com/lists/oss-security/2021/07/28/4Mailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://prosody.im/ExploitProduct
- https://prosody.im/security/advisory_20210722/Vendor Advisory
FAQ
What is CVE-2021-37601?
CVE-2021-37601 is a vulnerability with a CVSS score of 7.5 (HIGH). muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common con...
How severe is CVE-2021-37601?
CVE-2021-37601 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37601?
Check the references section above for vendor advisories and patch information. Affected products include: Prosody Prosody.