CVE-2020-25019

high

Description

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

References

Advisories
More

https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0

https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14

https://security.stackexchange.com/questions/225799

https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2020-0001.md

https://github.com/jitsi/jitsi-meet-electron/security/advisories/GHSA-x4h8-fhrp-pm3p

Details

Source: Mitre, NVD

Published: 2020-08-29

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.00135

Detections

Analytics