WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart.
References
Link | Resource |
---|---|
https://github.com/weechat/weechat/issues/1763 | Exploit Issue Tracking Mitigation Third Party Advisory |
https://weechat.org/doc/security/WSA-2022-1/ | Exploit Vendor Advisory |
https://github.com/weechat/weechat/issues/1763 | Exploit Issue Tracking Mitigation Third Party Advisory |
https://weechat.org/doc/security/WSA-2022-1/ | Exploit Vendor Advisory |
Configurations
History
21 Nov 2024, 06:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/weechat/weechat/issues/1763 - Exploit, Issue Tracking, Mitigation, Third Party Advisory | |
References | () https://weechat.org/doc/security/WSA-2022-1/ - Exploit, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.3 |
13 Apr 2022, 18:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:weechat:weechat:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.8 |
References | (MISC) https://weechat.org/doc/security/WSA-2022-1/ - Exploit, Vendor Advisory | |
References | (MISC) https://github.com/weechat/weechat/issues/1763 - Exploit, Issue Tracking, Mitigation, Third Party Advisory | |
CWE | CWE-295 |
02 Apr 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-02 17:15
Updated : 2024-11-21 06:57
NVD link : CVE-2022-28352
Mitre link : CVE-2022-28352
CVE.ORG link : CVE-2022-28352
JSON object : View
Products Affected
weechat
- weechat
CWE
CWE-295
Improper Certificate Validation