Description

Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating.

Related CPE's

a

8x8

jitsi_meet

2.0.5963

Vulnerable

References

https://github.com/jitsi/jitsi-meet/pull/9319

PatchThird Party Advisory

https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-45ff-37jm-xjfx

Third Party Advisory

https://github.com/jitsi/jitsi-meet/pull/9319

PatchThird Party Advisory

https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-45ff-37jm-xjfx

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-09-15T16:15:09.323Z

4 years ago

Last modified

2024-11-21T05:18:55.400Z

1 year ago