CVE-2021-39215

CVE Database · CVE-2021-39215

CVE-2021-39215

· HIGHModified

CVSS v3.1

7.5

EPSS

1.20%

Published

Sep 15, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-287

Affected Products (1)

8x8 · jitsi_meetvulnerable

References (4)

https://github.com/jitsi/jitsi-meet/pull/9319

PatchThird Party Advisory

https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-45ff-37jm-xjfx

Third Party Advisory

https://github.com/jitsi/jitsi-meet/pull/9319

PatchThird Party Advisory

https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-45ff-37jm-xjfx

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs