N/A

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544.

N/A

N/A

Jitsi 安全漏洞

Jitsi是一套开源的、使用ZRTP加密的SIP/XMPP通信工具。 Jitsi 2.5.5061版本至2.9.5544版本中存在安全漏洞，该漏洞源于程序没有正确的实现‘XEP-0280: Message Carbons’。远程攻击者可利用该漏洞冒充任意用户。

N/A

N/A