CVE-2024-39302

🗓️ 28 Jun 2024 21:03:15Reported by GitHub_MType

BigBlueButton privilege escalation vulnerability in resque gem director

Reporter	Title	Published	Views	Family All 4
Cvelist	CVE-2024-39302 Some bbb-record-core files installed with wrong file permission	28 Jun 202420:51	–	cvelist
Vulnrichment	CVE-2024-39302 Some bbb-record-core files installed with wrong file permission	28 Jun 202420:51	–	vulnrichment
OSV	CVE-2024-39302	28 Jun 202421:15	–	osv
NVD	CVE-2024-39302	28 Jun 202421:15	–	nvd

Vulners

Node

bigbluebutton bigbluebuttonRange<2.6.18

bigbluebutton bigbluebuttonRange2.7.0–2.7.8

bigbluebutton bigbluebuttonRange2.8.0–3.0.0-alpha.7

[
  {
    "vendor": "bigbluebutton",
    "product": "bigbluebutton",
    "versions": [
      {
        "version": "<  2.6.18",
        "status": "affected"
      },
      {
        "version": ">= 2.7.0, < 2.7.8",
        "status": "affected"
      },
      {
        "version": ">= 2.8.0, < 3.0.0-alpha.7",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/bigbluebutton/bigbluebutton/commit/b9a46197ed924783f06a24381e923b3329b9c91a
github	www.github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-5966-9hw8-q96q
github	www.github.com/bigbluebutton/bigbluebutton/commit/f4502e4927609374f5356f824f5dac0101f9976a
github	www.github.com/bigbluebutton/bigbluebutton/commit/04e916798b6b1f53f88513df3168f009b57b8f18

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Jun 2024 21:15Current

4Medium risk

Vulners AI Score4

CVSS33.7

EPSS0.00045

SSVC

CWE-269