vulnerability

FreeBSD: VID-5ef14250-f47c-11eb-8f13-5b4de959822e (CVE-2021-37601): Prosody -- Remote Information Disclosure

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Aug 3, 2021	Nov 4, 2022	Mar 25, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Aug 3, 2021

Added

Nov 4, 2022

Modified

Mar 25, 2026

Description

A Prosody XMPP server advisory reports: It was discovered that Prosody allows any entity to access the list of admins, members, owners and banned entities of any federated XMPP group chat of which they know the address.

Solution

freebsd-upgrade-package-prosody

References

CVE-2021-37601
https://attackerkb.com/topics/CVE-2021-37601
EUVD-EUVD-2021-24159
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-24159

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report