Clickjacking Vulnerability in Jitsi Web UI by Jitsi
CVE-2022-36736

6.1MEDIUM

Key Information:

Vendor

Jitsi

Status
Jitsi
Vendor
CVE Published:
8 September 2022

What is CVE-2022-36736?

A vulnerability has been identified in the Jitsi Meet web UI that permits attackers to execute a clickjacking attack through specially crafted HTTP requests. This flaw potentially allows malicious actors to manipulate the user interface and mislead users into interacting with unintended elements on the page. Despite its implications, the vendor has disputed this finding, suggesting the need for careful assessment and testing to evaluate its actual impact. Users of Jitsi Meet are advised to remain vigilant and follow security best practices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://meet.jit.si/
x_refsource_MISC
https://github.com/UditChavda/Udit-Chavda-CVE/blob/main/C...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.