user/py3-twisted: CVE-2019-12855: XMPP TLS certificates not verified
Bugzilla ID | 158 |
Alias(es) | CVE-2019-12855 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-31 10:12:22 -0500 |
Modified | 2019-08-22 15:32:12 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-12855 |
Description
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP
support did not verify certificates when used with TLS, allowing an
attacker to MITM connections.