EUVD-2022-52725

Malicious code in bioql PyPI...

BigBlueButton has an unspecified vulnerability (CNVD-2022-82634)

BigBlueButton is an open source Web conferencing system from the BigBlueButton community. BigBlueButton Greenlight has a security vulnerability that could be exploited by an attacker to view the settings of any room...

CVE-2022-31039 Improper privilege management - Anyone can view room settings in GreenLight

Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in...

CVE-2022-31039 Improper privilege management - Anyone can view room settings in GreenLight

Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in...

Improper privilege management - Anyone can view room settings.

Description Hi bigbluebutton maintainers, I would like to report an improper privilege management, this allows anyone to view any room settings. Proof of Concept 1. To demonstrate the vulnerability, I've created a room https://demo.bigbluebutton.org/gl/hoa-j4s-sxx-5gn 2. Run this curl command to...