Lucene search

6 matches found

NVD
added 2022/12/16 2:15 p.m. | 21 views

CVE-2022-41963

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a...

CVSS 3.1 | EPSS 0.00417
Exploits 0 | References 2

Prion
added 2022/12/16 2:15 p.m. | 30 views

Design/Logic Flaw

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a...

CVSS 2.1 | AI score 3.9 | EPSS 0.00417
Exploits 0 | References 2 | Affected Software 1

OSV
added 2022/12/16 1:0 p.m. | 29 views

CVE-2022-41963 BigBlueButton contains Improper Preservation of Permissions for whiteboard

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a...

CVSS 2.7 | AI score 4.6 | EPSS 0.00417
Exploits 0 | References 4

Cvelist
added 2022/12/16 1:0 p.m. | 24 views

CVE-2022-41963 BigBlueButton contains Improper Preservation of Permissions for whiteboard

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a...

CVSS 2.7 | AI score 4 | EPSS 0.00417
Exploits 0 | References 2

Vulnrichment
added 2022/12/16 12:45 p.m. | 8 views

CVE-2022-41962 BigBlueButton contains Incorrect Authorization for setting emoji status

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to s...

CVSS 2.7 | AI score 3.6 | EPSS 0.00655
Exploits 0 | References 3

Cvelist
added 2022/12/16 12:24 p.m. | 20 views

CVE-2022-41961 BigBlueButton subject to Ineffective user bans

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered...

CVSS 4.3 | AI score 4.7 | EPSS 0.0028
Exploits 0 | References 3