CVE-2022-28352

Sažetak

WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart.

Reference

https://weechat.org/doc/security/WSA-2022-1/
https://github.com/weechat/weechat/issues/1763

CVSS

Base:	4.0
Impact:	4.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

13-04-2022 - 18:33

Objavljeno

02-04-2022 - 17:15