CVE-2021-39215
7.5 HIGH
Jitsi Meet is an open source video conferencing application
Published: 2021-09-15 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-287
Affected products
| Vendor | Product |
|---|---|
| 8x8 | jitsi_meet |
Description
Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-39215
- [Patch] https://github.com/jitsi/jitsi-meet/pull/9319
- [Other] https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-45ff-37jm-xjfx
Related CVEs
Same vendor
- CVE-2021-39205 — Jitsi Meet is an open source video conferencing application (6.8 MEDIUM)
Same CWE
- CVE-2026-48780 — Forem is open source software for building communities (8.2 HIGH)
- CVE-2026-48114 — Metacat is data repository software that helps researchers preserve, share, and discover data (9.8 CRITICAL)
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
- CVE-2026-50623 — An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF (4.8 MEDIUM)
- CVE-2026-48611 — Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading t... (9.8 CRITICAL)