twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.
References
Configurations
History
21 Nov 2024, 08:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23 - Product | |
References | () https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a - Patch | |
References | () https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx - Vendor Advisory | |
Summary |
|
09 Aug 2023, 21:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:xithrius:twitch-tui:*:*:*:*:*:rust:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a - Patch | |
References | (MISC) https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23 - Product | |
References | (MISC) https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx - Vendor Advisory |
04 Aug 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-04 17:15
Updated : 2024-11-21 08:14
NVD link : CVE-2023-38688
Mitre link : CVE-2023-38688
CVE.ORG link : CVE-2023-38688
JSON object : View
Products Affected
xithrius
- twitch-tui
CWE
CWE-311
Missing Encryption of Sensitive Data