Vulnerability in Apache OpenMeetings that allows access to any recordings and discussions

A vulnerability (CVE-2023-28936) has been fixed in the Apache OpenMeetings web conferencing server that allows access to arbitrary recordings and chat rooms. The issue has been assigned a critical severity level. The vulnerability is caused by incorrect validation of the hash used to connect new participants. The bug has been present since release 2.0.0 and is fixed in the Apache OpenMeetings 7.1.0 update released a few days ago.

In addition, two less dangerous vulnerabilities have been fixed in Apache OpenMeetings 7.1.0:

  • CVE-2023-29032 - Possible authentication bypass. An attacker who knows certain private information about a user can impersonate another user.
  • CVE-2023-29246 - A null byte can be used to execute code on the server if access to an OpenMeetings administrator account has been obtained.

source: budenet.ru