Description

Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating.

Related CPE's

a

8x8

jitsi_meet

2.0.5963

Vulnerable

References

https://github.com/jitsi/jitsi-meet/pull/9319

PatchThird Party Advisory

https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-45ff-37jm-xjfx

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-09-15T18:15:09.323

3 years ago

Last modified

2021-09-28T18:38:00.607

3 years ago