Medium severity4.2NVD Advisory· Published Jul 30, 2018· Updated Jun 17, 2026
CVE-2018-10847
CVE-2018-10847
Description
prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
5- blog.prosody.im/prosody-0-10-2-security-release/nvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- issues.prosody.im/1147nvdVendor Advisory
- prosody.im/security/advisory_20180531/nvdVendor Advisory
- www.debian.org/security/2018/dsa-4216nvdThird Party Advisory
News mentions
0No linked articles in our index yet.