Ubuthathaka (i-CVE-2023-28936) ilungisiwe kwi-Apache OpenMeetings iseva yenkomfa yewebhu, evumela ukufikelela kurekhodisho olungenasizathu kunye namagumbi okuxoxa. Ingxaki inikwe inqanaba elibalulekileyo lengozi. Ubuthathaka bubangelwa ukuqinisekiswa okungalunganga kwe-hash esetyenziselwa ukudibanisa abathathi-nxaxheba abatsha. I-bug ikhona ukususela ekukhululweni kwe-2.0.0 kwaye yalungiswa kwi-Apache OpenMeetings 7.1.0 uhlaziyo olukhutshwe kwiintsuku ezimbalwa ezidlulileyo.
Ukongeza, izinto ezimbini ezinobungozi obungaphantsi zilungisiwe kwi-Apache OpenMeetings 7.1.0:
- I-CVE-2023-29032 -Inokwenzeka yokudlula ukuqinisekiswa. Umhlaseli owazi ulwazi oluthile olubuthathaka malunga nomsebenzisi unokuzenza omnye umsebenzisi.
- I-CVE-2023-29246 - Ukutshintshwa kwe-null kungasetyenziselwa ukwenza ikhowudi kumncedisi ukuba i-akhawunti yomlawuli we-OpenMeetings inokufikelela.
umthombo: opennet.ru