CVE-2022-39835

An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog	Release Notes Vendor Advisory
https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog	Release Notes Vendor Advisory
https://dev.gajim.org/gajim/gajim/-/tags	Vendor Advisory
https://dev.gajim.org/gajim/gajim/-/tags	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*

History

21 May 2025, 16:15

Type	Values Removed	Values Added
References	~~(MISC) https://dev.gajim.org/gajim/gajim/-/tags - Vendor Advisory~~	() https://dev.gajim.org/gajim/gajim/-/tags - Vendor Advisory
References	~~(MISC) https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog - Release Notes, Vendor Advisory~~	() https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog - Release Notes, Vendor Advisory

Information

Published : 2022-09-27 23:15

Updated : 2025-05-21 16:15

NVD link : CVE-2022-39835

Mitre link : CVE-2022-39835

JSON object : View

Products Affected

gajim

gajim

CWE

NVD-CWE-noinfo

5.3 /10