oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2023-28326: Apache OpenMeetings: allows user impersonation

From: Maxim Solodovnik <solomax () apache org>
Date: Tue, 28 Mar 2023 10:09:24 +0000
Severity: critical

Description:

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0

Description: Attacker can elevate their privileges in any room

This issue is being tracked as OPENMEETINGS-2739 

Credit:

Dennis Zimmt (reporter)

References:

https://openmeetings.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-28326
https://issues.apache.org/jira/browse/OPENMEETINGS-2739
Previous By Date Next
Previous By Thread Next

Current thread: