Any meeting chat history can be read and modified by an arbitrary user
Critical
8
8x8 Bounty
Submitted None
Team Summary
Official summary from 8x8 Bounty
A vulnerability existed where a `JaaS` user could read & modify the chat history of an `8x8 Meet` conference. It was limited by the fact that the meeting UUID was required to be known. The fix was promptly deployed to production.
Actions:
Reported by
pmnh
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$1337.00
Submitted
Weakness
Incorrect Authorization