Vulnerability Details : CVE-2022-39835
An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.
Products affected by CVE-2022-39835
- cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-39835
- 0.07%: Probability of exploitation activity in the next 30 days
- ~ 34%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-39835
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 | NIST | |
References for CVE-2022-39835
- https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog (ChangeLog · master · gajim / gajim · GitLab; Release Notes; Vendor Advisory)
- https://dev.gajim.org/gajim/gajim/-/tags (Tags · gajim / gajim · GitLab; Vendor Advisory)