Lucene search

GitHub_MCVELIST:CVE-2022-31039

HistoryJun 27, 2022 - 7:25 p.m.

CVE-2022-31039 Improper privilege management - Anyone can view room settings in GreenLight

2022-06-2719:25:12

CWE-269

GitHub_M

www.cve.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.4%

JSON

Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room’s settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room’s settings. This issue has been patched in release version 2.12.6.

CNA Affected

[
  {
    "product": "greenlight",
    "vendor": "bigbluebutton",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.12.6"
      }
    ]
  }
]

References

github.com/bigbluebutton/greenlight/pull/3508

github.com/bigbluebutton/greenlight/security/advisories/GHSA-phh8-3v6v-7498

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.4%

JSON

Related for CVELIST:CVE-2022-31039