CVE-2021-39215

Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
8x8jitsi_meet
2.0.5963
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
jitsimeet
𝑥
< 2.0.5963
CNA
Common Weakness Enumeration
References
https://github.com/jitsi/jitsi-meet/pull/9319
https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-45ff-37jm-xjfx
https://github.com/jitsi/jitsi-meet/pull/9319
https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-45ff-37jm-xjfx