CVE-2021-32917

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://blog.prosody.im/prosody-0.11.9-released/", "name": "https://blog.prosody.im/prosody-0.11.9-released/", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/13/1", "name": "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/14/2", "name": "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://www.debian.org/security/2021/dsa-4916", "name": "DSA-4916", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://security.gentoo.org/glsa/202105-15", "name": "https://security.gentoo.org/glsa/202105-15", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html", "name": "[debian-lts-announce] 20210616 [SECURITY] [DLA 2687-1] prosody security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/", "name": "FEDORA-2021-b5d8c6d086", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/", "name": "FEDORA-2021-a33f6e36e1", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/", "name": "FEDORA-2021-498be8f560", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-862"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-32917", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2021-05-13T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "0.11.9"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-11-07T03:35Z"}