3 matches found
CVE-2022-23488
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when th...
CVE-2022-23488 BigBlueButton vulnerable to Insertion of Sensitive Information Into Sent Data
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when th...
CVE-2022-23488
BigBlueButton prior to version 2.4-rc-6 is vulnerable: the moderators-only webcam lock is not enforced on the backend, allowing an attacker to subscribe to viewers’ webcams due to the streamId being sent to all users regardless of the lock. The issue is fixed in 2.4-rc-6. A remediation is to upgr...