CVE-2024-44080

Published: Oct 29, 2024Modified: Jul 10, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format.

Affected (1)

Products: 8x8: Jitsi Meet

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
8x8 Jitsi Meet	Before 2.0.9779

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://github.com/jitsi/jitsi-meet/compare/jitsi-meet_9672...jitsi-meet_9673

Source: cve@mitre.org

Product

https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2024-0002.md

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.