Description
The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors.
References (5)
Core 5
Core References
Permissions Required x_refsource_confirm
https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/10/30/2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94099
Issue Tracking, Patch x_refsource_confirm
https://dev.gajim.org/gajim/gajim-plugins/issues/145
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/10/30/11
Scores
CVSS v3
7.5
EPSS
0.0302
EPSS Percentile
85.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
otr/gajim-otr
Published
Jan 13, 2017
Tracked Since
Feb 18, 2026