Lucene search
K

4 matches found

CVE
CVE
added 2024/04/25 8:42 p.m.77 views

CVE-2022-36029

CVE-2022-36029 affects Greenlight (end-user UI for BigBlueButton). The issue is an open redirect on the Login page caused by the unchecked value of the return_to cookie in versions prior to 2.13.0. A patch was released in 2.13.0 to fix this. The connected sources confirm the vulnerable component ...

9.1CVSS9AI score0.0041EPSS
CVE
CVE
added 2022/06/27 7:25 p.m.73 views

CVE-2022-31039

Greenlight (BigBlueButton frontend) is affected by CVE-2022-31039. In affected versions, an attacker can view any room’s settings without authorization, contrary to intended access control for room owners/administrators. The issue has been patched in release version 2.12.6. The CVSS details from ...

5.3CVSS4.7AI score0.00644EPSS
CVE
CVE
added 2024/04/25 8:36 p.m.68 views

CVE-2022-36028

Greenlight (BigBlueButton Web UI) is affected by an open redirect in the Login page due to unchecked value of the return_to cookie. Affected versions are prior to 2.13.0; version 2.13.0 includes a patch. The root cause is unvalidated/unchecked return_to cookie on login, enabling an attacker-contr...

9.1CVSS6.6AI score0.00362EPSS
CVE
CVE
added 2020/09/30 3:28 p.m.53 views

CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 is affected by an HTTP header (Host and Origin) input issue that enables account takeover when a user clicks a spoofed password‑reset link. Root cause: header handling allows spoofing of origins/hosts. Impact: potential account compromise; attacks require net...

8.8CVSS8.6AI score0.01531EPSS