The Jitsi VideoBridge failed to properly handle JSON messages with duplicate colibriClass keys, enabling clients to send messages interpreted differently by the bridge and resulting in unauthorized actions within video conferences.
Jitsi Security Advisory has been published:
https://hackerone.com/reports/2095061