Vulnerability Details CVE-2020-25019
jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
References
- https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14
- https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0
- https://github.com/jitsi/jitsi-meet-electron/security/advisories/GHSA-x4h8-fhrp-pm3p
- https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2020-0001.md
- https://security.stackexchange.com/questions/225799
- https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14
- https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0
- https://security.stackexchange.com/questions/225799
Products affected by CVE-2020-25019
-
cpe:2.3:a:jitsi:meet_electron:-
-
cpe:2.3:a:jitsi:meet_electron:0.1.0
-
cpe:2.3:a:jitsi:meet_electron:1.0.0
-
cpe:2.3:a:jitsi:meet_electron:1.1.0
-
cpe:2.3:a:jitsi:meet_electron:1.1.1
-
cpe:2.3:a:jitsi:meet_electron:2.0.0
-
cpe:2.3:a:jitsi:meet_electron:2.0.1
-
cpe:2.3:a:jitsi:meet_electron:2.0.2
-
cpe:2.3:a:jitsi:meet_electron:2.1.0
-
cpe:2.3:a:jitsi:meet_electron:2.1.1
-
cpe:2.3:a:jitsi:meet_electron:2.2.0