PT-2021-20163 · Jitsi · Jitsi-Meet-Prosody

Simone Quatrini · Published 2021-05-26 · Updated 2022-06-03 · CVE-2021-33506

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: jitsi-meet-prosody versions prior to 2.0.5963-1

Description: The issue allows an attacker to circumvent conference moderation because restrict room creation is not set by default. This can be exploited in Jitsi Meet, potentially leading to unauthorized access or control over conferences.

Recommendations: For versions prior to 2.0.5963-1, update to version 2.0.5963-1 or later to ensure restrict room creation is set by default, preventing attackers from circumventing conference moderation.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2021-33506

Affected Products

Jitsi-Meet-Prosody