You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user-russian@openmeetings.apache.org by Maxim Solodovnik <so...@apache.org> on 2023/05/12 01:14:09 UTC

CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash

Severity: critical

Affected versions:

- Apache OpenMeetings 2.0.0 before 7.1.0

Description:

Attacker can access arbitrary recording/room

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

This issue is being tracked as OPENMEETINGS-2762 

Credit:

Stefan Schiller (reporter)

References:

https://openmeetings.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-28936
https://issues.apache.org/jira/browse/OPENMEETINGS-2762