CVE-2021-39215

Authentication Bypass: Forged Tokens Allow Access to Arbitrary Rooms

Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating.

We have discovered 5 live websites that are affected by CVE-2021-39215.

Run a Free Instant Scan



Affected Software

Product  Jitsi
Category Live Chat
Vulnerable Domains5 live websites (1.52% of Jitsi install base)
Vulnerable Versions
  • from 0 through 2.0.5963
Vulnerable Versions Count0 versions ( less than 0.1% of all versions)


Common Weakness Enumeration

CWE-287 Improper Authentication



Details

  • Published - Sep 15, 2021
  • Updated - Aug 4, 2024

Website Distribution by Country

Number of websites using CVE-2021-39215
United States2 websites


France1 websites
Italy1 websites
Netherlands1 websites

Website Distribution by TLD

Number of websites using CVE-2021-39215
.com5 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2021-39215

Top websites that are affected by CVE-2021-39215. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*******************.com France*,***,***
***************.com United States**,***,***
*******.********.com United States**,***,***
************.com Netherlands**,***,***
******.com Italy***,***,***
See full domain list

FAQ

CVE-2021-39215 is Improper Authentication in Jitsi
A total of 5 websites have been identified as vulnerable to CVE-2021-39215, based on global website indexing conducted by WebTechSurvey.
The Jitsi is affected by the CVE-2021-39215 vulnerability.
Jitsi versions up to 2.0.5963 are vulnerable to CVE-2021-39215.
CVE-2021-39215 is resolved in version 2.0.5963 of Jitsi.