CVE-2005-0131 — Konversation vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

1.1%

top 21.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Konversation Debian Konversation Berlios Konversation

Timeline

PublishedApr 14

Latest updateMay 1

Description

The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/konversation< konversation 0.15-3 (bookworm)

▶Debiankonversation/konversation< 0.15-3+3

▶NVDberlios/konversation0.15

🔴Vulnerability Details

GHSA

GHSA-mfx8-57jr-25r5: The Quick Connection dialog in Konversation 0↗2022-05-01

▶

OSV

CVE-2005-0131: The Quick Connection dialog in Konversation 0↗2005-04-14

▶

📋Vendor Advisories

Debian

CVE-2005-0131: konversation - The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-pro...↗2005

▶