UBUNTU-CVE-2026-43505

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-43505

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43505.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-43505

Upstream

CVE-2026-43505

Published

2026-05-01T15:16:00Z

Modified

2026-05-20T16:26:02.610910024Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur.

References

Affected packages

Ubuntu:16.04:LTS

prosody

Package

Name: prosody
Purl: pkg:deb/ubuntu/prosody?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.8-1

0.9.9-1

0.9.10-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "prosody",
            "binary_version": "0.9.10-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43505.json"

Ubuntu:20.04:LTS

prosody

Package

Name: prosody
Purl: pkg:deb/ubuntu/prosody?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.11.2-1

0.11.3-1

0.11.4-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "prosody",
            "binary_version": "0.11.4-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43505.json"

Ubuntu:22.04:LTS

prosody

Package

Name: prosody
Purl: pkg:deb/ubuntu/prosody?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.11.10-1

0.11.10-1build1

0.11.10-1build2

0.11.11-1

0.11.11-2

0.11.12-1

0.11.13-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "prosody",
            "binary_version": "0.11.13-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43505.json"

Ubuntu:24.04:LTS

prosody

Package

Name: prosody
Purl: pkg:deb/ubuntu/prosody?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.12.3-1

0.12.4-1

0.12.4-1build1

0.12.4-1build2

0.12.4-1build3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "prosody",
            "binary_version": "0.12.4-1build3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43505.json"

Ubuntu:25.10

prosody

Package

Name: prosody
Purl: pkg:deb/ubuntu/prosody?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.12.5-1build1

13.*

13.0.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "prosody",
            "binary_version": "13.0.1-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43505.json"

Ubuntu:26.04:LTS

prosody

Package

Name: prosody
Purl: pkg:deb/ubuntu/prosody?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

13.*

13.0.1-1

13.0.2-1

13.0.2-1build1

13.0.3-1

13.0.4-1

13.0.4-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "prosody",
            "binary_version": "13.0.4-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43505.json"

Ubuntu:Pro:18.04:LTS

prosody

Package

Name: prosody
Purl: pkg:deb/ubuntu/prosody?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.12-2

0.10.0-1

0.10.0-1build1

0.10.0-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "prosody",
            "binary_version": "0.10.0-1ubuntu0.1~esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-43505.json"