CVE-2019-16236Missing Authorization in Dino

CWE-862Missing Authorization5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 25.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
DinoDebian Dino-imCanonical Ubuntu Linux+2 more
Timeline
PublishedSep 11
Latest updateMay 24

Description

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDdino/dino< 0.1.0
debiandebian/dino-im< dino-im 0.0.git20190911.2a70a4e-1 (bookworm)

Also affects: Debian Linux 10.0, Fedora 29, 30, 31, Ubuntu Linux 18.04

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-g5xx-x6v3-g4g8: Dino before 2019-09-10 does not check roster push authorization in module/roster/module2022-05-24
OSV
CVE-2019-16236: Dino before 2019-09-10 does not check roster push authorization in module/roster/module2019-09-11

📋Vendor Advisories

2
Ubuntu
Dino vulnerabilities2020-03-17
Debian
CVE-2019-16236: dino-im - Dino before 2019-09-10 does not check roster push authorization in module/roster...2019
CVE-2019-16236 — Missing Authorization in Dino | cvebase