WS-2022-0462
Good to know:
Date: November 18, 2022
In jitsi-meet, the poll feature used to send user JIDs and names as fields inside its protocol messages, rather than deriving them from the sender's XMPP session. Consequently, anyone in the conference could send messages with fake senderId or voterId values and arbitrarily forge polls and votes.
Language: TYPE_SCRIPT
Severity Score
Weakness Type (CWE)
Improper Enforcement of Behavioral Workflow
CWE-841
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |