CVE-2020-25019

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
jitsimeet_electron
𝑥
< 2.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14
https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0
https://security.stackexchange.com/questions/225799
https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14
https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0
https://security.stackexchange.com/questions/225799