Home > Vulnerability Database > WS-2022-0462

Mend.io Vulnerability Database

WS-2022-0462

Good to know:

Date: November 18, 2022

In jitsi-meet, the poll feature used to send user JIDs and names included in protocol messages, rather than derive from the XMPP session of the sender. Consequently, anyone in the conference could send messages with fake senderId or voterId values, and arbitrarily forge polls and votes.

Language: TYPE_SCRIPT

Severity Score

7.5

Related Resources (2)

Url: https://github.com/jitsi/jitsi-meet/commit/ed139f53ca883573d252b166d052ba80b25790e9

Url: https://www.mend.io/vulnerability-database/WS-2022-0462

Severity Score

7.5

Weakness Type (CWE)

Improper Enforcement of Behavioral Workflow

CWE-841

Top Fix

Upgrade Version

Upgrade to version stable/jitsi-meet_8044

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0462

Good to know:

Date: November 18, 2022

Language: TYPE_SCRIPT

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?