CVE-2017-5603

EUVD-2017-14702
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
jitsijitsi
2.5.5061
jitsijitsi
2.9.5544
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jitsi
artful
dne
bionic
dne
cosmic
dne
precise
dne
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://openwall.com/lists/oss-security/2017/02/09/29
http://www.securityfocus.com/bid/96174
https://github.com/jitsi/jitsi/commit/7d66da61b316c9480b63000f831b6de723b87315
https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/
https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf
http://openwall.com/lists/oss-security/2017/02/09/29
http://www.securityfocus.com/bid/96174
https://github.com/jitsi/jitsi/commit/7d66da61b316c9480b63000f831b6de723b87315
https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/
https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf