CVE-2023-28326: Missing Authentication for Critical Function

March 28, 2023 (updated November 7, 2023)

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room

References

lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9
nvd.nist.gov/vuln/detail/CVE-2023-28326

Code Behaviors & Features

Detect and mitigate CVE-2023-28326 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →