vulnerability

Ubuntu: USN-4834-1 (CVE-2018-10847): Prosody vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Jul 30, 2018	Mar 22, 2023	Mar 27, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Jul 30, 2018

Added

Mar 22, 2023

Modified

Mar 27, 2026

Description

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.

Solution

ubuntu-pro-upgrade-prosody

References

CVE-2018-10847
https://attackerkb.com/topics/CVE-2018-10847
CWE-287
CWE-592
DEBIAN-DSA-4216
EUVD-EUVD-2018-2916
UBUNTU-USN-4834-1
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-2916

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report