PT-2021-22467 · Unknown · Jitsi Meet

Aaronkvanmeerten · Published 2021-09-15 · Updated 2021-09-28 · CVE-2021-39215

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Jitsi Meet versions prior to 2.0.5963

Description: Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms.

Recommendations: For versions prior to 2.0.5963, update to Jitsi Meet 2.0.5963 to resolve the issue. As a temporary workaround, consider restricting access to protected rooms until the update is applied.
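
For services that validate JSON web tokens themselves, the weakness described above is avoided by pinning the accepted algorithms instead of trusting the token header. The following is an added example, not code from Jitsi Meet or its Prosody module; the allowlist, the function names and the sample tokens are assumptions made for illustration.

```python
import base64
import json

# Assumption for this example: the deployment only issues tokens signed with
# asymmetric keys, so only these "alg" values may reach verification.
ALLOWED_ALGS = frozenset({"RS256", "RS384", "RS512", "ES256", "ES384", "ES512"})


class TokenRejected(Exception):
    """Raised when a token must not reach signature verification."""


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def pinned_algorithm(token: str, allowed=ALLOWED_ALGS) -> str:
    """Return the header "alg" if it is on the allowlist, else raise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("not a three-part compact JWS")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        raise TokenRejected("unreadable header") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Exact, case-sensitive match: "HS256", "none" and "rs256" all fail here.
    if not isinstance(alg, str) or alg not in allowed:
        raise TokenRejected(f"algorithm {alg!r} is not allowed")
    return alg


def _make_token(header: dict) -> str:
    # Constructed sample input: payload and signature are dummy values.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join(enc(p) for p in (json.dumps(header).encode(), b'{"room":"demo"}', b"sig"))


def check(header: dict) -> str:
    try:
        return pinned_algorithm(_make_token(header))
    except TokenRejected as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for hdr in ({"alg": "RS256"}, {"alg": "HS256"}, {"alg": "none"}, {}):
        print(hdr, "->", check(hdr))
```

This guard inspects the header only. Signature verification against the configured public key must still follow, restricted to the algorithm it returns.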

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2021-39215
GHSA-45FF-37JM-XJFX

Affected Products

Jitsi Meet