CVE-2021-37601: High severity prosody vulnerability

Q: What is CVE-2021-37601?

CVE-2021-37601 is a vulnerability in Prosody 0.11.0 through 0.11.9 that allows remote attackers to obtain sensitive information.

Q: How does CVE-2021-37601 affect Prosody?

CVE-2021-37601 affects Prosody versions 0.11.0 through 0.11.9.

Q: What is the severity of CVE-2021-37601?

CVE-2021-37601 has a severity level of 7.5 (High).

Q: What is the impact of CVE-2021-37601?

CVE-2021-37601 allows remote attackers to obtain sensitive information, specifically a list of admins, members, owners, and banned entities of a Multi-User chat room.

Q: How can I fix CVE-2021-37601?

To fix CVE-2021-37601, upgrade your Prosody installation to a version higher than 0.11.9.

Published Jul 28, 2021

Updated

muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.

Affected Software

1 affected component

Prosody prosody>=0.11.0<=0.11.9

Event History

Jul 28, 2021

CVE Published

via MITRE·01:52 PM

Data Sourced

via MITRE·01:52 PM

DescriptionSeverity

Frequently Asked Questions

What is CVE-2021-37601?

CVE-2021-37601 is a vulnerability in Prosody 0.11.0 through 0.11.9 that allows remote attackers to obtain sensitive information.

How does CVE-2021-37601 affect Prosody?

CVE-2021-37601 affects Prosody versions 0.11.0 through 0.11.9.

What is the severity of CVE-2021-37601?

CVE-2021-37601 has a severity level of 7.5 (High).

What is the impact of CVE-2021-37601?

CVE-2021-37601 allows remote attackers to obtain sensitive information, specifically a list of admins, members, owners, and banned entities of a Multi-User chat room.

How can I fix CVE-2021-37601?