cbcvebase.
CVE-2022-43550
published 2023-02-09

CVE-2022-43550: A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow…

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.79%
75.7th percentile
A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution.

Affected

2 ranges
VendorProductVersion rangeFixed in
httpsgithub.com_jitsi
jitsijitsi< 2022-09-142022-09-14

Detection & IOCsextracted from sources · hover to see the quote

hash8aa7be58522f4264078d54752aae5483bfd854b2
  • Monitor Jitsi Desktop Client on Windows for process launches that include unexpected or malicious URL schemes passed as command-line arguments to browser processes, which may indicate command injection exploitation.
  • Inspect Jitsi Desktop Client interactions with malicious URL schemes on Windows; attacker-controlled URLs passed to the browser launcher may contain injected commands enabling RCE.
  • ·The vulnerability is Windows-specific; the command injection occurs in the browser-launching code path. Non-Windows deployments are not affected by this particular vector.
  • ·Only Jitsi Desktop Client versions prior to commit 8aa7be58522f4264078d54752aae5483bfd854b2 are vulnerable; patched versions are not affected.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.