4 matches found
CVE-2022-36029
CVE-2022-36029 affects Greenlight (end-user UI for BigBlueButton). The issue is an open redirect on the Login page caused by the unchecked value of the return_to cookie in versions prior to 2.13.0. A patch was released in 2.13.0 to fix this. The connected sources confirm the vulnerable component ...
CVE-2022-31039
Greenlight (BigBlueButton frontend) is affected by CVE-2022-31039. In affected versions, an attacker can view any room’s settings without authorization, contrary to intended access control for room owners/administrators. The issue has been patched in release version 2.12.6. The CVSS details from ...
CVE-2022-36028
Greenlight (BigBlueButton Web UI) is affected by an open redirect in the Login page due to unchecked value of the return_to cookie. Affected versions are prior to 2.13.0; version 2.13.0 includes a patch. The root cause is unvalidated/unchecked return_to cookie on login, enabling an attacker-contr...
CVE-2020-26163
BigBlueButton Greenlight before 2.5.6 is affected by an HTTP header (Host and Origin) input issue that enables account takeover when a user clicks a spoofed password‑reset link. Root cause: header handling allows spoofing of origins/hosts. Impact: potential account compromise; attacks require net...