FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-02 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
9bcff2c4-1779-11ef-b489-b42e991fc52e	Openfire administration console authentication bypass security-advisories@github.com reports: Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isnt available for a specific release, or isnt quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice. Discovery 2023-05-26 Entry 2024-05-21 openfire < 4.6.8 CVE-2023-32315 https://nvd.nist.gov/vuln/detail/CVE-2023-32315
e3e30d99-58a8-4a3f-8059-a8b7cd59b881	openfire -- Openfire No Password Changes Security Bypass Secunia reports: A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to Openfire not properly respecting the no password changes setting which can be exploited to change passwords by sending jabber:iq:auth passwd_change requests to the server. Discovery 2009-05-04 Entry 2009-05-04 Modified 2010-05-02 openfire < 3.6.4 CVE-2009-1596 http://secunia.com/advisories/34984/ http://www.igniterealtime.org/issues/browse/JM-1532 http://www.igniterealtime.org/community/message/190288#190288

VuXML ID

Description

9bcff2c4-1779-11ef-b489-b42e991fc52e

Openfire administration console authentication bypass

security-advisories@github.com reports:

Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isnt available for a specific release, or isnt quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.

Discovery 2023-05-26
Entry 2024-05-21
openfire

< 4.6.8

CVE-2023-32315
https://nvd.nist.gov/vuln/detail/CVE-2023-32315

e3e30d99-58a8-4a3f-8059-a8b7cd59b881

openfire -- Openfire No Password Changes Security Bypass

Secunia reports:

A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to Openfire not properly respecting the no password changes setting which can be exploited to change passwords by sending jabber:iq:auth passwd_change requests to the server.

Discovery 2009-05-04
Entry 2009-05-04
Modified 2010-05-02
openfire

< 3.6.4

CVE-2009-1596
http://secunia.com/advisories/34984/
http://www.igniterealtime.org/issues/browse/JM-1532
http://www.igniterealtime.org/community/message/190288#190288