Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authentication Bypass: Forged Tokens Allow Access to Arbitrary Rooms
Vulnerability Description
Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Jitsi Meet 授权问题漏洞
Vulnerability Description
Jitsi Meet是是一组开源项目。使用户能够使用和部署具有最先进视频质量和功能的视频会议平台。 Jitsi Meet 2.0.5963之前的版本存在授权问题漏洞,该漏洞源于Prosody模块允许使用对称算法来验证JSON web令牌。这意味着可以使用任意源生成的令牌获得对受保护房间的授权。
CVSS Information
N/A
Vulnerability Type
N/A