CVE-2020-11878

Name of the Vulnerable Software and Affected Versions Jitsi Meet (aka docker-jitsi-meet) versions prior to stable-4384-1

Description The issue concerns the use of default passwords for system accounts in the Jitsi Meet stack on Docker. Specifically, default passwords such as passw0rd are used. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For versions prior to stable-4384-1, update to stable-4384-1 or later to resolve the issue. As a temporary workaround, consider changing the default passwords for system accounts to unique, strong passwords until a patch is applied. Restrict access to system accounts to minimize the risk of exploitation.