← Volver a CVEs
CVE-2013-6404
N/ADescripcion
Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado12/9/2013
Ultima modificacion4/29/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
quassel-irc:quassel_irc
Debilidades (CWE)
CWE-264
Referencias
http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html(secalert@redhat.com)
http://osvdb.org/100432(secalert@redhat.com)
http://quassel-irc.org/node/123(secalert@redhat.com)
http://secunia.com/advisories/55640(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2013/11/28/8(secalert@redhat.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/89377(secalert@redhat.com)
https://github.com/quassel/quassel/commit/a1a24da(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/100432(af854a3a-2127-422b-91ae-364da2661108)
http://quassel-irc.org/node/123(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/55640(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2013/11/28/8(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/89377(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/quassel/quassel/commit/a1a24da(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.