In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Tue, 29 Oct 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2024-10-29T00:00:00
Updated: 2024-10-30T14:47:10.217Z
Reserved: 2024-08-19T00:00:00
Link: CVE-2024-44081

No data.

Status : Awaiting Analysis
Published: 2024-10-29T22:15:03.730
Modified: 2024-11-21T09:36:15.807
Link: CVE-2024-44081

No data.