Description

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Remediation

References

CVE-2019-12855

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2011-0755)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0125)

WordPress Plugin Knews Multilingual Newsletters Cross-Site Request Forgery (1.2.5)

WordPress Plugin Relevanssi-A Better Search 'Seach Query' Field HTML Injection (2.7.2)

Jenkins Use of Insufficiently Random Values Vulnerability (CVE-2020-2099)

Severity

High

Classification

CVE-2019-12855 CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities