Home > Vulnerability Database > WS-2022-0462

Mend.io Vulnerability Database

WS-2022-0462

Date: November 18, 2022

In jitsi-meet, the poll feature used to send user JIDs and names included in protocol messages, rather than derive from the XMPP session of the sender. Consequently, anyone in the conference could send messages with fake senderId or voterId values, and arbitrarily forge polls and votes.

Language: TYPE_SCRIPT

Severity Score

7.5

Related Resources (2)

Url: https://github.com/jitsi/jitsi-meet/commit/ed139f53ca883573d252b166d052ba80b25790e9

Url: https://www.mend.io/vulnerability-database/WS-2022-0462

Severity Score

7.5

Weakness Type (CWE)

Improper Enforcement of Behavioral Workflow

CWE-841

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0462

Date: November 18, 2022

Language: TYPE_SCRIPT

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?