A vulnerability (CVE-2023-28936) has been fixed in the Apache OpenMeetings web conferencing server that allows access to arbitrary recordings and chat rooms. The issue has been assigned a critical severity level. The vulnerability is caused by incorrect validation of the hash used to connect new participants. The bug has been present since release 2.0.0 and was fixed in the Apache OpenMeetings 7.1.0 update, released a few days ago.
In addition, two less dangerous vulnerabilities were fixed in Apache OpenMeetings 7.1.0:
- CVE-2023-29032 - Possible authentication bypass. An attacker who knows certain sensitive information about a user can impersonate another user.
- CVE-2023-29246 - Possible substitution of a null character (a character with code zero), which can be used to execute arbitrary code on the server if you have access to an OpenMeetings administrator account.
source: budenet.ru
