CVE-2021-27229: Link Following in Mumble

CWE-59: Link Following (5 documents, 5 sources)
Severity: 8.8 HIGH (NVD)
EPSS: 2.6% (top 14.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 16; latest update May 24

Description

Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: mumble/mumble < 1.3.4
debian: debian/mumble < mumble 1.3.4-1 (bookworm)
Debian: mumble/mumble < 1.3.4-1+3

Also affects: Debian Linux 9.0

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-58v9-jf45-v492: Mumble before 1 (2022-05-24)
OSV: CVE-2021-27229: Mumble before 1 (2021-02-16)

📋 Vendor Advisories (2)

Ubuntu: Mumble vulnerability (2021-12-16)
Debian: CVE-2021-27229: mumble - Mumble before 1.3.4 allows remote code execution if a victim navigates to a craf... (2021)
CVE-2021-27229 — Link Following in Mumble | cvebase