PT-2024-25301 · Unknown · Jitsi Meet

Florian Port · Published 2024-03-18 · Updated 2025-03-20 · CVE-2024-33530

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Jitsi Meet versions prior to 9391

Description

A logic flaw in password-protected Jitsi meetings that make use of a lobby leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby. This issue potentially allows unauthorized individuals to obtain the meeting password, bypassing security and joining private conferences.

Recommendations

For Jitsi Meet versions prior to 9391, update to version 9391 or later to resolve the issue. As a temporary workaround, consider restricting the use of password-protected meetings with lobbies until a patch is applied. Avoid using the lobby feature in password-protected meetings until the issue is resolved.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2025-01645
CVE-2024-33530

Affected Products

Jitsi Meet