CVSS Score
The vulnerability stems from improper authorization cleanup when users are deleted. The key issues were: 1) MultiUserChatManager's userDeleting only handled database persistence but not the in-memory cache (as shown by the removed TODO comment), and 2) LocalMUCRoomManager's ROOM_CACHE maintained stale affiliations due to missing UserEventDispatcher integration. The patch adds user deletion handlers to MUCRoom and proper cache synchronization, confirming these were the vulnerable points.
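The stale-cache defect described above, modelled as an added example (not Openfire's own code): an in-memory cache of room affiliations, a minimal user-deletion event dispatcher, and the deletion handler in its vulnerable form (database cleanup only) beside the patched form (cache eviction as well). All class and function names here are constructed for the demonstration and are not Openfire's APIs.

```python
from collections import defaultdict
from typing import Callable, Dict, List

class RoomCache:
    """In-memory stand-in for the server's room cache: room -> {jid -> affiliation}."""
    def __init__(self) -> None:
        self.rooms: Dict[str, Dict[str, str]] = defaultdict(dict)

    def grant(self, room: str, jid: str, affiliation: str) -> None:
        self.rooms[room][jid] = affiliation

    def affiliation(self, room: str, jid: str) -> str:
        return self.rooms[room].get(jid, "none")  # "none" = unknown JID

    def evict_user(self, jid: str) -> None:
        # Drop the JID from every cached room, mirroring the database cleanup.
        for affiliations in self.rooms.values():
            affiliations.pop(jid, None)

class UserEventDispatcher:
    """Minimal listener registry; listeners run when an account is deleted."""
    def __init__(self) -> None:
        self._listeners: List[Callable[[str], None]] = []

    def add_listener(self, listener: Callable[[str], None]) -> None:
        self._listeners.append(listener)

    def user_deleting(self, jid: str) -> None:
        for listener in self._listeners:
            listener(jid)

def build_server(fixed: bool):
    """Wire a cache, a set of persisted rows and the deletion handler together."""
    cache, persisted, dispatcher = RoomCache(), set(), UserEventDispatcher()

    def on_user_deleting(jid: str) -> None:
        persisted.difference_update({r for r in persisted if r[1] == jid})  # DB only
        if fixed:
            cache.evict_user(jid)  # the missing step: keep the cache in sync

    dispatcher.add_listener(on_user_deleting)
    return cache, persisted, dispatcher

def affiliation_after_delete(fixed: bool) -> str:
    """Grant owner, delete the account, report what the cache still says."""
    cache, persisted, dispatcher = build_server(fixed)
    cache.grant("room1", "alice@example.org", "owner")  # constructed sample data
    persisted.add(("room1", "alice@example.org", "owner"))
    dispatcher.user_deleting("alice@example.org")
    assert not persisted  # the database row is gone in both variants
    return cache.affiliation("room1", "alice@example.org")
```

With `fixed=False` the deleted JID is still reported as `owner` from the cache even though its database row is gone; with `fixed=True` the cache answers `none`, which is the state a later re-registration of the same account name should inherit.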
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.igniterealtime.openfire:xmppserver | maven | < 4.8.1 | 4.8.1 |