3 matches found
CVE-2020-29043
An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an accountactivations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name...
CVE-2020-29043
BigBlueButton 2.2.29 (and earlier) contains an email-activation bypass: an attacker who can view the account_activations/edit?token= URI can create approved user accounts tied to arbitrary domain emails. The root cause is exposure of the verification token in the GET request, enabling unauthorize...
BigBlueButton 2.2.29 E-mail Validation Bypass
Title: BigBlueButton E-mail Validation Bypass Google Dork: N/A Date: 24.11.2020 Author: Seccops https://seccops.com Vendor Homepage: bigbluebutton.org Version: 2.2.29 and previous versions CVE: CVE-2020-29043 === Summary === An issue was discovered in BigBlueButton through 2.2.29. When at attacke...