2 matches found
CVE-2022-29235 Limited data exposure for shared external videos in BigBlueButton
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp...
CVE-2022-29235
CVE-2022-29235 affects BigBlueButton: an information-disclosure in which an attacker who knows a meeting ID could access data about an external video being shared (current timestamp and play/pause). Affected versions: 2.2–2.3.17 and 2.4-rc-1 through 2.4-rc-5. The issue is fixed in 2.3.18 and 2.4-...