Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers.
“Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin account,” Sonar vulnerability researcher Stefan Schiller said in a report shared with The Hacker News.
“The acquired admin privileges can further be leveraged to exploit another vulnerability allowing attackers to execute arbitrary code on the Apache OpenMeetings server.”
Following responsible disclosure on March 20, 2023, the vulnerabilities were addressed with the release of Openmeetings version 7.1.0 that was released on May 9, 2023. The list of three flaws is as follows –
- CVE-2023-28936 (CVSS score: 5.3) – Insufficient check of invitation hash
- CVE-2023-29032 (CVSS score: 8.1) – An authentication bypass that leads to unrestricted access via invitation hash
- CVE-2023-29246 (CVSS score: 7.2) – A NULL byte (%00) injection that allows an attacker with admin privileges to gain code execution
Meeting invites created using OpenMeetings come are not only bound to a specific room and a user but also come with a unique hash that’s used by the application to retrieve details associated with the invitation.
images from Hacker News