CVE-2020-27604
BigBlueButton before 2.3 does not implement LibreOffice sandboxing, enabling remote authenticated users to read the API shared secret in bigbluebutton.properties and potentially join arbitrary meetings via api/join regardless of guestPolicy. Affected software: BigBlueButton prior to 2.3. Root cau...