Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by xithrius
CVE-2023-38688 (GCVE-0-2023-38688)
Vulnerability from cvelistv5 – Published: 2023-08-04 16:18 – Updated: 2024-10-09 16:26
VLAI
Title
twitch-tui's connection is not encrypted
Summary
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Xithrius/twitch-tui/security/a… | x_refsource_CONFIRM |
| https://github.com/Xithrius/twitch-tui/commit/74d… | x_refsource_MISC |
| https://github.com/Xithrius/twitch-tui/blob/340af… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Xithrius | twitch-tui |
Affected:
< 2.4.1
|
|
| xithrius | twitch-tui |
Affected:
0 , < 2.4.1
(custom)
cpe:2.3:a:xithrius:twitch-tui:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx"
},
{
"name": "https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a"
},
{
"name": "https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xithrius:twitch-tui:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "twitch-tui",
"vendor": "xithrius",
"versions": [
{
"lessThan": "2.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38688",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T16:17:10.822832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T16:26:21.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "twitch-tui",
"vendor": "Xithrius",
"versions": [
{
"status": "affected",
"version": " \u003c 2.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-04T16:18:15.288Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Xithrius/twitch-tui/security/advisories/GHSA-779w-xvpm-78jx"
},
{
"name": "https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Xithrius/twitch-tui/commit/74d13ddca35f8f0816f4933c229da1fd95c0350a"
},
{
"name": "https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23"
}
],
"source": {
"advisory": "GHSA-779w-xvpm-78jx",
"discovery": "UNKNOWN"
},
"title": "twitch-tui\u0027s connection is not encrypted"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-38688",
"datePublished": "2023-08-04T16:18:15.288Z",
"dateReserved": "2023-07-24T16:19:28.363Z",
"dateUpdated": "2024-10-09T16:26:21.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}