Critical severityNVD Advisory· Published Jun 16, 2019· Updated Aug 4, 2024
CVE-2019-12855
CVE-2019-12855
Description
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
TwistedPyPI | < 19.7.0rc1 | 19.7.0rc1 |
Affected products
15- Twisted/Twisteddescription
- ghsa-coords14 versionspkg:pypi/twistedpkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-Twisted&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Twisted&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/python-Twisted&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Twisted&distro=SUSE%20Package%20Hub%2015
< 19.7.0rc1+ 13 more
- (no CPE)range: < 19.7.0rc1
- (no CPE)range: < 17.9.0-lp151.3.6.1
- (no CPE)range: < 17.9.0-lp151.3.6.1
- (no CPE)range: < 21.7.0-3.2
- (no CPE)range: < 15.2.1-9.8.1
- (no CPE)range: < 15.2.1-9.8.1
- (no CPE)range: < 15.2.1-9.8.1
- (no CPE)range: < 15.2.1-9.8.1
- (no CPE)range: < 15.2.1-9.8.1
- (no CPE)range: < 15.2.1-9.8.1
- (no CPE)range: < 15.2.1-9.8.1
- (no CPE)range: < 15.2.1-9.8.1
- (no CPE)range: < 15.2.1-9.8.1
- (no CPE)range: < 17.9.0-bp150.4.6.1
Patches
Vulnerability mechanics
References
15- lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-65rm-h285-5cc5ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2019-12855ghsaADVISORY
- usn.ubuntu.com/4308-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4308-2/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-129.yamlghsaWEB
- github.com/twisted/twisted/pull/1147ghsax_refsource_MISCWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZghsaWEB
- twistedmatrix.com/trac/ticket/9561ghsax_refsource_MISCWEB
- usn.ubuntu.com/4308-1ghsaWEB
- usn.ubuntu.com/4308-2ghsaWEB
- www.oracle.com/security-alerts/cpuapr2020.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.