CVE-2019-12855 — Improper Certificate Validation in Twisted
Severity
7.4HIGHNVD
OSV6.1
EPSS
0.6%
top 29.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 16
Latest updateMar 30
Description
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2
Affected Packages4 packages
Patches
🔴Vulnerability Details
6📋Vendor Advisories
5Red Hat▶
python-twisted: XMPP support in words.protocols.jabber.xmlstream in Twisted does not verify certificates allowing for a MITM connections↗2019-07-09
Microsoft▶
In words.protocols.jabber.xmlstream in Twisted through 19.2.1 XMPP support did not verify certificates when used with TLS allowing an attacker to MITM connections.↗2019-06-11
Debian▶
CVE-2019-12855: twisted - In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did ...↗2019
💬Community
3Bugzilla▶
CVE-2019-12855 python-twisted: XMPP support in words.protocols.jabber.xmlstream in Twisted does not verify certificates allowing for a MITM connections [openstack-rdo]↗2019-08-13
Bugzilla▶
CVE-2019-12855 python-twisted: XMPP support in words.protocols.jabber.xmlstream in Twisted does not verify certificates allowing for a MITM connections↗2019-07-09
Bugzilla▶
CVE-2019-12855 python-twisted: XMPP support in words.protocols.jabber.xmlstream in Twisted does not verify certificates allowing for a MITM connections [fedora-all]↗2019-07-09