Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveGitHub_MCVE-2022-31065
HistoryJun 27, 2022 - 8:15 p.m.

CVE-2022-31065

2022-06-2720:15:08
CWE-79
GitHub_M
web.nvd.nist.gov
40
5
bigbluebutton
code execution
username
private chat
security vulnerability
web conferencing
cve-2022-31065

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

30.8%

JSON

BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim’s client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. Additionally when the victim receives a notification that the attacker has left the session. This issue has been patched in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.

Affected configurations

Nvd
Vulners
Node
bigbluebuttonbigbluebuttonRange2.42.4.8
OR
bigbluebuttonbigbluebuttonMatch2.3.0
OR
bigbluebuttonbigbluebuttonMatch2.4.9
OR
bigbluebuttonbigbluebuttonMatch2.5alpha1
OR
bigbluebuttonbigbluebuttonMatch2.5alpha2
OR
bigbluebuttonbigbluebuttonMatch2.5alpha3
OR
bigbluebuttonbigbluebuttonMatch2.5alpha4
OR
bigbluebuttonbigbluebuttonMatch2.5alpha5
OR
bigbluebuttonbigbluebuttonMatch2.5alpha6
OR
bigbluebuttonbigbluebuttonMatch2.5beta1
OR
bigbluebuttonbigbluebuttonMatch2.5beta2
OR
bigbluebuttonbigbluebuttonMatch2.5rc.1
OR
bigbluebuttonbigbluebuttonMatch2.5rc.2
OR
bigbluebuttonbigbluebuttonMatch2.5rc.3
OR
bigbluebuttonbigbluebuttonMatch2.5rc.4
VendorProductVersionCPE
bigbluebuttonbigbluebutton*cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.3.0cpe:2.3:a:bigbluebutton:bigbluebutton:2.3.0:*:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.4.9cpe:2.3:a:bigbluebutton:bigbluebutton:2.4.9:*:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha1:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha2:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha3:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha4:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha5:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha6:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:beta1:*:*:*:*:*:*
Rows per page:
1-10 of 151

CNA Affected

[
  {
    "product": "bigbluebutton",
    "vendor": "bigbluebutton",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.4.8"
      }
    ]
  }
]

Social References

More

Related

osv 1
cnvd 1
cvelist 1
nvd 1
prion 1
osv
osv
CVE-2022-31065
2022-06-27 20:15:08
cnvd
cnvd
BigBlueButton Cross-Site Scripting Vulnerability (CNVD-2022-58952)
2022-06-30 00:00:00
cvelist
cvelist
CVE-2022-31065 Cross site scripting vulnerability for private chat in bigbluebutton
2022-06-27 19:45:21
nvd
nvd
CVE-2022-31065
2022-06-27 20:15:08
prion
prion
Design/Logic Flaw
2022-06-27 20:15:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

30.8%

JSON
Related for CVE-2022-31065
osv1cnvd1cvelist1nvd1prion1