Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:53 a.m.10 views

CVE-2022-23488

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when th...

7.5CVSS6.5AI score0.0057EPSS
Exploits0References1
OSV
OSV
added 2022/12/17 12:28 a.m.24 views

CVE-2022-23488 BigBlueButton vulnerable to Insertion of Sensitive Information Into Sent Data

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when th...

6.5CVSS7.2AI score0.0057EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/12/17 12:0 a.m.9 views

PT-2022-16022 · Unknown · Bigbluebutton

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.4-rc-6 Description: The moderators-only webcams lock setting in BigBlueButton is not enforced on the backend. This allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied, b...

7.5CVSS7.3AI score0.0057EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/12/16 12:45 p.m.8 views

CVE-2022-41962 BigBlueButton contains Incorrect Authorization for setting emoji status

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to s...

2.7CVSS3.6AI score0.00655EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/12/16 12:24 p.m.22 views

CVE-2022-41961 BigBlueButton subject to Ineffective user bans

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered...

4.3CVSS4.7AI score0.0028EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/16 12:0 a.m.4 views

BigBlueButton 访问控制错误漏洞

BigBlueButton is an open source web conferencing system from the BigBlueButton community. An access control error vulnerability exists in versions prior to BigBlueButton 2.4-rc-6 that stems from being subject to an invalid user ban, which could be exploited by an attacker to register multiple use...

4.3CVSS5.2AI score0.0028EPSS
Exploits0References4
NVD
NVD
added 2022/06/02 12:15 a.m.34 views

CVE-2022-29236

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...

4.3CVSS0.00809EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/06/01 11:25 p.m.42 views

CVE-2022-29236 Improper access control for pencil annotations in BigBlueButton

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...

4.3CVSS4.8AI score0.00809EPSS
Exploits0References5
Rows per page
Query Builder