In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format.
References
Link | Resource |
---|---|
https://github.com/jitsi/jitsi-meet/compare/jitsi-meet_9672...jitsi-meet_9673 | Patch |
https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2024-0003.md | Third Party Advisory |
Configurations
History
10 Jul 2025, 19:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/jitsi/jitsi-meet/compare/jitsi-meet_9672...jitsi-meet_9673 - Patch | |
References | () https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2024-0003.md - Third Party Advisory | |
First Time |
8x8
8x8 jitsi Meet |
|
CPE | cpe:2.3:a:8x8:jitsi_meet:*:*:*:*:*:*:*:* |
21 Nov 2024, 09:36
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-79 |
01 Nov 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Oct 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-29 22:15
Updated : 2025-07-10 19:34
NVD link : CVE-2024-44081
Mitre link : CVE-2024-44081
CVE.ORG link : CVE-2024-44081
JSON object : View
Products Affected
8x8
- jitsi_meet
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')