vulnerability
SUSE: CVE-2018-10847: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Jun 2, 2018 | Jun 10, 2018 | Oct 22, 2021 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Jun 2, 2018
Added
Jun 10, 2018
Modified
Oct 22, 2021
Description
prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.
Solution
suse-upgrade-prosody
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.