Upstream information
CVE-2017-5593 at MITRE
Description
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ (0.16.563.580 - 0.16.571.627).
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
CVSS v2 Scores
| | National Vulnerability Database |
|---|
| Base Score | 4.3 |
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
CVSS v3 Scores
| | National Vulnerability Database |
|---|
| Base Score | 5.9 |
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | High |
| Availability Impact | None |
| CVSSv3 Version | 3 |
SUSE Bugzilla entry:
1024687 [RESOLVED / FIXED]
No SUSE Security Announcements cross referenced.
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
| openSUSE Tumbleweed | psi+ >= 1.5.1548+0-2.3psi+-data >= 1.5.1548+0-2.3psi+-plugins-attentionplugin >= 1.5.1548+0-2.3psi+-plugins-autoreplyplugin >= 1.5.1548+0-2.3psi+-plugins-birthdayreminderplugin >= 1.5.1548+0-2.3psi+-plugins-chessplugin >= 1.5.1548+0-2.3psi+-plugins-cleanerplugin >= 1.5.1548+0-2.3psi+-plugins-clientswitcherplugin >= 1.5.1548+0-2.3psi+-plugins-conferenceloggerplugin >= 1.5.1548+0-2.3psi+-plugins-contentdownloaderplugin >= 1.5.1548+0-2.3psi+-plugins-devel >= 1.5.1548+0-2.3psi+-plugins-enummessagesplugin >= 1.5.1548+0-2.3psi+-plugins-extendedmenuplugin >= 1.5.1548+0-2.3psi+-plugins-extendedoptionsplugin >= 1.5.1548+0-2.3psi+-plugins-gomokugameplugin >= 1.5.1548+0-2.3psi+-plugins-historykeeperplugin >= 1.5.1548+0-2.3psi+-plugins-imageplugin >= 1.5.1548+0-2.3psi+-plugins-imagepreviewplugin >= 1.5.1548+0-2.3psi+-plugins-jabberdiskplugin >= 1.5.1548+0-2.3psi+-plugins-juickplugin >= 1.5.1548+0-2.3psi+-plugins-messagefilterplugin >= 1.5.1548+0-2.3psi+-plugins-omemoplugin >= 1.5.1548+0-2.3psi+-plugins-openpgpplugin >= 1.5.1548+0-2.3psi+-plugins-otrplugin >= 1.5.1548+0-2.3psi+-plugins-pepchangenotifyplugin >= 1.5.1548+0-2.3psi+-plugins-qipxstatusesplugin >= 1.5.1548+0-2.3psi+-plugins-screenshotplugin >= 1.5.1548+0-2.3psi+-plugins-stopspamplugin >= 1.5.1548+0-2.3psi+-plugins-storagenotesplugin >= 1.5.1548+0-2.3psi+-plugins-translateplugin >= 1.5.1548+0-2.3psi+-plugins-videostatusplugin >= 1.5.1548+0-2.3psi+-plugins-watcherplugin >= 1.5.1548+0-2.3
| Patchnames:
openSUSE-Tumbleweed-2024-11198 |
SUSE Timeline for this CVE
CVE page created: Fri Feb 10 11:15:40 2017
CVE page last modified: Tue Sep 3 18:45:21 2024
