Lucene search

[email protected]NVD:CVE-2020-25019

HistoryAug 29, 2020 - 5:15 p.m.

CVE-2020-25019

2020-08-2917:15:11

CWE-345

[email protected]

web.nvd.nist.gov

security vulnerability

electron

url verification

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

49.1%

JSON

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

Affected configurations

Nvd

Node

jitsimeet_electronRange<2.3.0

VendorProductVersionCPE
jitsimeet_electron*cpe:2.3:a:jitsi:meet_electron:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jitsi	meet_electron	*	cpe:2.3:a:jitsi:meet_electron::::::::

References

github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14

github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0

security.stackexchange.com/questions/225799

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

49.1%

JSON

Related for NVD:CVE-2020-25019

cve1 cvelist1 osv1 prion1