Design/Logic Flaw

2020-10-2115:15:00

PRIOn knowledge base

www.prio-n.com

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.

CPENameOperatorVersion
bigbluebuttonle2.2.28

CPE	Name	Operator	Version
	bigbluebutton	le	2.2.28

References

docs.bigbluebutton.org/admin/privacy.html