Security Advisory

CVE-2022-24968

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-11 18:16:54

Last updated 2024-08-03 04:29:01

Assigner mitre

State PUBLISHED

Description

In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

← Browse all CVEs View on cve.org ↗