PT-2024-8700 · 8X8 · Jitsi Meet
Mustafa Sanli
·
Published
2024-08-13
·
Updated
2025-07-10
·
CVE-2024-44081
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Jitsi Meet versions prior to 2.0.9779
Description
The issue is related to the insecure implementation of the video file sharing functionality in Jitsi Meet. This allows a remote attacker to load arbitrary video files if a message from another participant contains a URL encoded in the expected format.
Recommendations
For versions prior to 2.0.9779, update to version 2.0.9779 or later to resolve the issue. As a temporary workaround, consider restricting the use of the video file sharing feature until a patch is applied.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jitsi Meet