Qhov tsis zoo (CVE-2023-28936) tau raug kho nyob rau hauv Apache OpenMeetings web conferencing server, uas tso cai rau nkag mus rau cov ntaub ntawv tsis raug cai thiab chav sib tham. Qhov teeb meem tau muab ib qho tseem ceeb ntawm kev txaus ntshai. Qhov tsis zoo yog tshwm sim los ntawm kev txheeb xyuas tsis raug ntawm hash siv los txuas cov neeg tuaj koom tshiab. Cov kab no tau nyob ib puag ncig txij li tso tawm 2.0.0 thiab tau kho hauv Apache OpenMeetings 7.1.0 hloov tshiab tso tawm ob peb hnub dhau los.
Tsis tas li ntawd, ob qhov tsis txaus ntshai tsawg tau raug kho hauv Apache OpenMeetings 7.1.0:
- CVE-2023-29032 - Muaj peev xwm bypass authentication. Tus neeg tawm tsam uas paub qee cov ntaub ntawv rhiab ntawm tus neeg siv tuaj yeem ua lwm tus neeg siv.
- CVE-2023-29246 - Null hloov pauv tuaj yeem siv los ua cov cai ntawm tus neeg rau zaub mov yog tias OpenMeetings tus thawj tswj hwm tus account tau nkag mus.
Tau qhov twg los: opennet.ru