8 matches found
CVE-2022-23488
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when th...
CVE-2022-23488 BigBlueButton vulnerable to Insertion of Sensitive Information Into Sent Data
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when th...
PT-2022-16022 · Unknown · Bigbluebutton
Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.4-rc-6 Description: The moderators-only webcams lock setting in BigBlueButton is not enforced on the backend. This allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied, b...
CVE-2022-41962 BigBlueButton contains Incorrect Authorization for setting emoji status
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to s...
CVE-2022-41961 BigBlueButton subject to Ineffective user bans
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered...
BigBlueButton 访问控制错误漏洞
BigBlueButton is an open source web conferencing system from the BigBlueButton community. An access control error vulnerability exists in versions prior to BigBlueButton 2.4-rc-6 that stems from being subject to an invalid user ban, which could be exploited by an attacker to register multiple use...
CVE-2022-29236
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...
CVE-2022-29236 Improper access control for pencil annotations in BigBlueButton
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...