Relative Path Traversal in jitsi/jicofo
Nov 15th 2021
Misconfigurations of nginx lead to a path traversal vulnerability.
Proof of Concept
A request to /shibboleth-sp../ can get any file under
An attacker can access files on the web server to which they should not have access.
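The request shape in the proof of concept is consistent with the common nginx pattern in which a `location` prefix without a trailing slash is paired with an `alias` that ends in one; the page does not show the actual configuration, so that root cause is an assumption. The check below for that pattern is an added example, not code from the report or the jitsi project, and its config fragment, paths and function names are constructed.

```python
import posixpath
import re

# Constructed nginx fragment; paths are placeholders, not the project's config.
SAMPLE_CONF = """
server {
    location /shibboleth-sp {
        alias /srv/example/shibboleth/;
    }
    location /static/ {
        alias /srv/example/static/;
    }
    location /docs {
        root /srv/example;
    }
}
"""

# Prefix locations only (optionally with ^~); regex and exact-match ones are skipped.
LOCATION_RE = re.compile(r"location\s+(?:\^~\s+)?(/[^\s{]*)\s*\{([^{}]*)\}")
ALIAS_RE = re.compile(r"^\s*alias\s+([^;]+);", re.MULTILINE)


def find_off_by_slash(conf_text):
    """Return (location, alias) pairs where the prefix lacks a trailing
    slash but the alias target has one."""
    findings = []
    for match in LOCATION_RE.finditer(conf_text):
        prefix, body = match.group(1), match.group(2)
        alias = ALIAS_RE.search(body)
        if alias is None:
            continue
        target = alias.group(1).strip()
        if not prefix.endswith("/") and target.endswith("/"):
            findings.append((prefix, target))
    return findings


def maps_outside_alias(prefix, target, uri):
    """Model alias mapping (matched prefix replaced by target) and report
    whether the resulting path leaves the alias directory."""
    if not uri.startswith(prefix):
        return False  # location does not match, nothing is served from it
    resolved = posixpath.normpath(target + uri[len(prefix):])
    base = posixpath.normpath(target)
    return resolved != base and not resolved.startswith(base + "/")


if __name__ == "__main__":
    for prefix, target in find_off_by_slash(SAMPLE_CONF):
        print(f"review: location {prefix} -> alias {target}")
```

Ending the location prefix with a slash so that it matches the alias removes the mismatch: a URI such as /shibboleth-sp../ then no longer matches the location at all.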
A jitsi/jicofo maintainer validated this vulnerability a year ago
pupu.eth has been awarded the disclosure bounty
The fix bounty is now up for grabs
A jitsi/jicofo maintainer marked this as fixed with commit f4ba60 a year ago
This vulnerability will not receive a CVE