=====================================================================

                               CERT-Renater

                    Note d'Information No. 2023/VULN118

_____________________________________________________________________

DATE                : 28/03/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache OpenMeetings versions
                                  prior to 7.0.0.

=====================================================================
https://lists.apache.org/thread/v9vbdzzg92t4l0ypq7g3sjdwk4fhto6l
_____________________________________________________________________


CVE-2023-28326: Apache OpenMeetings: allows user impersonation
Severity: critical

Description:

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0

Description: Attacker can elevate their privileges in any room

This issue is being tracked as OPENMEETINGS-2739
Credit:

Dennis Zimmt (reporter)

References:

https://openmeetings.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-28326
https://issues.apache.org/jira/browse/OPENMEETINGS-2739



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================