CVE-2022-43550
CVSS V2 None
CVSS V3 None
Description
A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution.
Overview
- CVE ID
- CVE-2022-43550
- Assigner
- support@hackerone.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-09T20:15:10
- Last Modified Date
- 2023-02-16T20:22:18
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:jitsi:jitsi:*:*:*:*:*:*:*:* | 1 | OR | 2022-09-14 | |
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | 0 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/jitsi/jitsi/commit/8aa7be58522f4264078d54752aae5483bfd854b2 | Patch |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-43550 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43550 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:28:06 | Added to TrackCVE | |||
| 2023-04-17 07:28:09 | Weakness Enumeration | new |