CVE-2022-39835

{"id": "CVE-2022-39835", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-09-27T23:15:15.487", "references": [{"url": "https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://dev.gajim.org/gajim/gajim/-/tags", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0."}, {"lang": "es", "value": "Se ha descubierto un problema en Gajim a trav\u00e9s de la versi\u00f3n 1.4.7. La vulnerabilidad permite a los atacantes, a trav\u00e9s de estrofas XML manipuladas, corregir mensajes que no fueron enviados por ellos. El atacante necesita formar parte del chat de grupo o del chat individual. La versi\u00f3n corregida es la 1.5.0"}], "lastModified": "2022-09-28T22:29:45.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F934E42-8259-49E1-BFEE-6F099C45B487", "versionEndExcluding": "1.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}