CVE-2024-44081

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format.
Configurations

Configuration 1 (hide)

cpe:2.3:a:8x8:jitsi_meet:*:*:*:*:*:*:*:*

History

10 Jul 2025, 19:34

Type Values Removed Values Added
References () https://github.com/jitsi/jitsi-meet/compare/jitsi-meet_9672...jitsi-meet_9673 - () https://github.com/jitsi/jitsi-meet/compare/jitsi-meet_9672...jitsi-meet_9673 - Patch
References () https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2024-0003.md - () https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2024-0003.md - Third Party Advisory
First Time 8x8
8x8 jitsi Meet
CPE cpe:2.3:a:8x8:jitsi_meet:*:*:*:*:*:*:*:*

21 Nov 2024, 09:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-79

01 Nov 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) En Jitsi Meet anterior a 2.0.9779, la funcionalidad para compartir un archivo de video se implementó de manera insegura, lo que provocaba que los clientes cargaran videos desde una URL arbitraria si un mensaje de otro participante contenía una URL codificada en el formato esperado.

29 Oct 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-29 22:15

Updated : 2025-07-10 19:34


NVD link : CVE-2024-44081

Mitre link : CVE-2024-44081

CVE.ORG link : CVE-2024-44081


JSON object : View

Products Affected

8x8

  • jitsi_meet
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')