VYPR

Jitsi Meet

by Jitsi

CVEs (7)

  • CVE-2024-44081 | Critical | Oct 29, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format.

  • CVE-2020-11878 | Critical | Apr 17, 2020
    risk 0.64 | cvss 9.8 | epss 0.01

    The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts.

  • CVE-2024-33530 | High | May 2, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby.

  • CVE-2021-39215 | High | Sep 15, 2021
    risk 0.00 | cvss 7.5 | epss 0.01

    Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected…

  • CVE-2021-39205 | Medium | Sep 15, 2021
    risk 0.00 | cvss 6.8 | epss 0.01

    Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being…

  • CVE-2021-33506 | High | May 26, 2021
    risk 0.00 | cvss 7.5 | epss 0.01

    jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation.

  • CVE-2020-25019 | High | Aug 29, 2020
    risk 0.00 | cvss 7.5 | epss 0.01

    jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.