3 matches found
CVE-2022-29236
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...
CVE-2022-29236 Improper access control for pencil annotations in BigBlueButton
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...
CVE-2022-29236
CVE-2022-29236 affects BigBlueButton 2.2–2.3.17 and 2.4-rc-1–2.4-rc-5, where the server-side permission check for drawing on the whiteboard can be bypassed due to a previously introduced grace period. The attacker must be a meeting participant. The issue was fixed in versions 2.3.18 and 2.4-rc-6....