Ukuba sengozini (CVE-2023-28936) kulungisiwe kuseva yenkomfa yewebhu ye-Apache OpenMeetings, evumela ukufinyelela ekurekhodweni okungafanele namagumbi okuxoxa. Inkinga inikezwe izinga elibucayi lengozi. Ukuba sengozini kubangelwa ukuqinisekiswa okungalungile kwe-hashi esetshenziselwa ukuxhuma ababambiqhaza abasha. Isiphazamisi besikhona kusukela kwakhululwa i-2.0.0 futhi salungiswa kusibuyekezo se-Apache OpenMeetings 7.1.0 esikhishwe ezinsukwini ezimbalwa ezedlule.
Ngaphezu kwalokho, ubungozi obuncane obubili bulungisiwe ku-Apache OpenMeetings 7.1.0:
- I-CVE-2023-29032 - Amathuba okudlula ukuqinisekiswa. Umhlaseli owazi ulwazi oluthile olubucayi mayelana nomsebenzisi angakwazi ukuzenza omunye umsebenzisi.
- I-CVE-2023-29246 - Ukufaka esikhundleni se-null kungasetshenziswa ukwenza ikhodi kuseva uma i-akhawunti yomqondisi we-OpenMeetings inokufinyelela.
Source: opennet.ru