CVE-2022-31039

EPSS 0.17%
Veröffentlicht 27.06.2022 20:15:08
Zuletzt bearbeitet 21.11.2024 07:03:45
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in release version 2.12.6.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

BigBlueButton ≫ Greenlight Version < 2.12.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.386

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/bigbluebutton/greenlight/pull/3508

Patch

Third Party Advisory

https://github.com/bigbluebutton/greenlight/security/advisories/GHSA-phh8-3v6v-7498

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31039

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31039

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31039

EUVD