
5 matches found

OSV
added 2022/12/15 11:56 p.m., 17 views

CVE-2022-41960 BigBlueButton contains DoS via failed authToken validation

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to validateAuthToken using a victim's userId, meetingId, and an invalid authToken. Th...

4.3 CVSS, 4.9 AI score, 0.0017 EPSS
Exploits: 0, References: 5

OSV
added 2022/09/29 3:15 a.m., 12 views

CVE-2020-27602

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 2

Prion
added 2022/09/29 3:15 a.m., 13 views

Code injection

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken...

7.5 CVSS, 9.5 AI score, 0.00513 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2020/10/21 2:7 p.m., 16 views

CVE-2020-27602

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken...

9.7 AI score, 0.00513 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2020/10/21 12:0 a.m., 2 views

PT-2020-16712 · Bigbluebutton · Bigbluebutton

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.2.7 Description: The issue is related to a lack of protection mechanism for separator injection in meetingId, userId, and authToken. This affects the security of the system. Recommendations: For versions prio...

9.8 CVSS, 9.4 AI score, 0.00513 EPSS
Exploits: 0, References: 6