CVE-2023-38688: twitch-tui's connection is not encrypted

CVSS 3.1 Score: 7.5

Basic Information

EPSS Score: 0.67149%
Published: 7/31/2023
Updated: 11/6/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| twitch-tui | rust | < 2.4.1 | 2.4.1 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from the insecure configuration in create_client_stream where TLS was explicitly disabled (use_tls=false) and a non-TLS port (6667) was used. The patch in commit 74d13dd directly addresses this by setting 'use_tls: Some(true)' and switching to port 6697 (standard TLS port for IRC). The CWE-311 mapping and advisory references confirm this function's configuration was the root cause.

WAF Protection Rules

WAF Rule

### Summary
The connection is not using TLS for communication

### Details
In the configuration of the irc connection, [you are disabling tls](https://github.com/Xithrius/twitch-tui/blob/****************************************/src/twitch/connection.
