CVE-2019-12855

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
twistedtwisted
𝑥
≤ 19.2.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
twisted
bullseye
20.3.0-7+deb11u1
fixed
stretch
no-dsa
jessie
no-dsa
bookworm
22.4.0-4
fixed
bookworm (security)
22.4.0-4+deb12u1
fixed
trixie
24.7.0-3
fixed
sid
24.10.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
twisted
eoan
Fixed 18.9.0-3ubuntu1.1
released
disco
ignored
cosmic
ignored
bionic
Fixed 17.9.0-2ubuntu0.1
released
xenial
Fixed 16.0.0-1ubuntu0.4
released
trusty
Fixed 13.2.0-1ubuntu1.2+esm1
released
twisted-py3
eoan
dne
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
https://github.com/twisted/twisted/pull/1147
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/
https://twistedmatrix.com/trac/ticket/9561
https://usn.ubuntu.com/4308-1/
https://usn.ubuntu.com/4308-2/
https://www.oracle.com/security-alerts/cpuapr2020.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
https://github.com/twisted/twisted/pull/1147
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/
https://twistedmatrix.com/trac/ticket/9561
https://usn.ubuntu.com/4308-1/
https://usn.ubuntu.com/4308-2/
https://www.oracle.com/security-alerts/cpuapr2020.html