Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
slixmpp 访问控制错误漏洞
Vulnerability Description
slixmpp是一款开源的、基于Python的XMPP(eXtensible Messaging and Presence Protocol,可扩展消息处理和现场协议)库。 slixmpp 1.4.2之前版本中的XEP-0223插件的选项配置文件存在访问控制错误漏洞。攻击者可利用该漏洞获取发布到PEP节点上的私有数据。
CVSS Information
N/A
Vulnerability Type
N/A