FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Prosody -- Remote Information Disclosure

Affected packages
prosody < 0.11.10

Details

VuXML ID 5ef14250-f47c-11eb-8f13-5b4de959822e
Discovery 2021-07-22
Entry 2021-08-03

A Prosody XMPP server advisory reports:

It was discovered that Prosody allows any entity to access the list of admins, members, owners and banned entities of any federated XMPP group chat of which they know the address.

References

CVE Name CVE-2021-37601
URL https://prosody.im/security/advisory_20210722/