CVE-2022-39835
5.3
MEDIUM
CVSS 3.1
EPSS 0.19%
Description
An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.
How to fix CVE-2022-39835
No fixed package version is listed for the affected package yet, although the description above gives 1.5.0 as the fixed version. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/gajim—no fix listed
Is CVE-2022-39835 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |