3 matches found
CVE-2022-41963
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a...
CVE-2022-41963 BigBlueButton contains Improper Preservation of Permissions for whiteboard
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a...
CVE-2022-41963
BigBlueButton contains an issue in the whiteboard grace period used to handle delayed messages. Versions prior to 2.4.3 allow a meeting participant with revoked access to take actions within a few seconds after revocation due to this grace period. The vulnerability is mitigated in version 2.4.3 a...