Is there any hidden management interface on the web server

Hi,
I installed Jitsi-meet (version: 2.0.6865-2) and then Jigasi feature for testing. Our security department has warned us that there may be a vulnerability in our test server. They stated that the server is listening on the https port like a control server. As far as I know the port is used as a web interface for users to create and join conferences. Could it be another service considered as control interface on the https port? If so, what could cause it? Jigasi or Jitsi-meet 2.0.6865-2?
By the way, our Jitsi prod server does not have this problem. There is no Jigasi feature on the production server and its version is older than the test server.
Do you have any comment about it?
Regards,
Tufan

Which port?

Jicofo, JVB and Jigasi has a rest interface accessible from localhost to query for stats and health checks.

13 Eyl 2022 Sal, saat 20:18 tarihinde Damian Minkov via Jitsi Community Forum - developers & users <notifications@jitsi.discoursemail.com> şunu yazdı:

| damencho
September 13 |

  • | - |

Which port?

Jicofo, JVB and Jigasi has a rest interface accessible from localhost to query for stats and health checks.


Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.

tcp 443

That is the https port where all meetings take place, so this is supposed to be publicly accessible and was always like that.

You need to get more information about the problem they see in opening that port?