You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on May 25, 2025. It is now read-only.
Properly scoping the JWT means you could also run the token_no_wildcard contrib plugin, so that Jitsi Meet any rejects token containing wildcards in the sub or room parameters, which could limit the scope of another security issue.
jitsi-openidalways creates a JWT with a room claim set to*:jitsi-openid/src/routes.rs
Line 156 in eb7b9d7
The
roomis saved to the session, and is used in that same handler to construct a final URL to send to Jitsi Meet:jitsi-openid/src/routes.rs
Line 165 in eb7b9d7
Also, the
roomsession attribute itself is set from an external input:jitsi-openid/src/routes.rs
Lines 36 to 40 in eb7b9d7
This should reject setting it to
*.Properly scoping the JWT means you could also run the
token_no_wildcardcontrib plugin, so that Jitsi Meet any rejects token containing wildcards in thesuborroomparameters, which could limit the scope of another security issue.