5.3
CVE-2020-27606
- EPSS 1.13%
- Veröffentlicht 21.10.2020 15:15:27
- Zuletzt bearbeitet 21.11.2024 05:21:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginBigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BigBlueButton ≫ BigBlueButton Version < 2.2.28
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.621 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html