4.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
4.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be “role=moderator”, allowing an attacker to join a meeting as moderator using a join link that was originally created for viewer access. This vulnerability has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.
[
{
"vendor": "bigbluebutton",
"product": "bigbluebutton",
"versions": [
{
"version": "< 2.6.18",
"status": "affected"
},
{
"version": ">= 2.7.0, < 2.7.8",
"status": "affected"
},
{
"version": ">= 2.8.0, < 3.0.0-alpha.7",
"status": "affected"
}
]
}
]
4.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
4.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%