{"id":"UBUNTU-CVE-2020-8086","details":"The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.","modified":"2025-10-24T04:48:19Z","published":"2020-01-28T17:15:00Z","upstream":["CVE-2020-8086"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-8086"},{"type":"REPORT","url":"https://hg.prosody.im/prosody-modules/rev/f2b29183ef08"},{"type":"REPORT","url":"https://prosody.im/security/advisory_20200128/"},{"type":"REPORT","url":"https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap/mod_auth_ldap.lua"},{"type":"REPORT","url":"https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap2/mod_auth_ldap2.lua"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2020-8086"}],"affected":[{"package":{"name":"prosody-modules","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/prosody-modules@0.0~hg20150813.12ac88940fe3-2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0~hg20150813.12ac88940fe3-2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.0~hg20150813.12ac88940fe3-2","binary_name":"prosody-modules"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-8086.json"}},{"package":{"name":"prosody-modules","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/prosody-modules@0.0~hg20170929.c53cc1ae4788+dfsg-3?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0~hg20170123.3ed504b944e5+dfsg-1","0.0~hg20170929.c53cc1ae4788+dfsg-2","0.0~hg20170929.c53cc1ae4788+dfsg-3"],"ecosystem_specific":{"binaries":[{"binary_version":"0.0~hg20170929.c53cc1ae4788+dfsg-3","binary_name":"prosody-modules"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-8086.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}