
7 matches found

NVD
added 2022/12/17 1:15 a.m. · 21 views

CVE-2022-23488

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when th...

CVSS 7.5 · EPSS 0.0057
Exploits 0 · References 2
CVE
added 2022/12/16 5:17 p.m. · 94 views

CVE-2022-41964

CVE-2022-41964 affects BigBlueButton prior to version 2.4.0. The vulnerability allows a meeting presenter to subscribe to poll results before an anonymous poll starts, enabling viewing of individual responses in the poll. Root cause is an information-disclosure flaw in the poll result subscriptio...

CVSS 5.7 · AI score 5.4 · EPSS 0.00551
Exploits 0 · References 2 · Affected Software 1
Prion
added 2022/12/16 1:15 p.m. · 24 views

Code injection

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered...

CVSS 4 · AI score 4.5 · EPSS 0.0028
Exploits 0 · References 3 · Affected Software 1
CVE
added 2022/12/16 12:45 p.m. · 91 views

CVE-2022-41962

BigBlueButton contains a vulnerability (CVE-2022-41962) described as Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users, whereas moderators should only be able to set none. Affected versions are p...

CVSS 2.7 · AI score 3.5 · EPSS 0.00655
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/12/16 12:0 a.m. · 4 views

PT-2022-26186 · Unknown · Bigbluebutton

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.4-rc-6; BigBlueButton versions prior to 2.5-alpha-1. Description: BigBlueButton is an open source web conferencing system. The issue concerns Incorrect Authorization for setting emoji status. A user with...

CVSS 2.7 · AI score 3.7 · EPSS 0.00655
Exploits 0 · References 7
OSV
added 2022/12/15 11:56 p.m. · 27 views

CVE-2022-41960 BigBlueButton contains DoS via failed authToken validation

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to validateAuthToken using a victim's userId, meetingId, and an invalid authToken. Th...

CVSS 4.3 · AI score 4.9 · EPSS 0.00361
Exploits 0 · References 5
NVD
added 2022/06/27 8:15 p.m. · 43 views

CVE-2022-31064

BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross-site scripting attack in affected versions. The attack occurs when the attacker with XSS in the name starts a chat. In the victim's client the JavaScript will be executed...

CVSS 6.5 · EPSS 0.01179
Exploits 3 · References 6