Prosody Prosody

Do you want an email whenever new security vulnerabilities are reported in Prosody?

By the Year

In 2021 there have been 3 vulnerabilities in Prosody with an average score of 6.8 out of ten. Prosody did not have any published security vulnerabilities last year. That is, 3 more vulnerabilities have already been reported in 2021 as compared to last year.

Year Vulnerabilities Average Score
2021 3 6.77
2020 0 0.00
2019 0 0.00
2018 1 8.80

It may take a day or so for new Prosody vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Prosody Security Vulnerabilities

Prosody before 0.11.9

CVE-2021-32920 7.5 - High - May 13, 2021

Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.

Resource Exhaustion

An issue was discovered in Prosody before 0.11.9

CVE-2021-32919 7.5 - High - May 13, 2021

An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).

Improper Certificate Validation

An issue was discovered in Prosody before 0.11.9

CVE-2021-32917 5.3 - Medium - May 13, 2021

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.

AuthZ

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass

CVE-2018-10847 8.8 - High - July 30, 2018

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.

authentification

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Prosody or by Prosody? Click the Watch button to subscribe.

Prosody
Vendor

Prosody
Product

subscribe