CVE-2021-39215
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| jitsi | jitsi-meet | < 2.0.5963 | affected |
Weaknesses
- CWE-287: CWE-287: Improper Authentication
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-45ff-37jm-xjfx
- https://github.com/jitsi/jitsi-meet/pull/9319
References
- https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-45ff-37jm-xjfx
- https://github.com/jitsi/jitsi-meet/pull/9319
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.