2.7

CVE-2022-41962

BigBlueButton contains Incorrect Authorization for setting emoji status

Improper access control for setting emoji status

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1. There are no workarounds.
Possible countermeasure
Server: No workaround.
Data provided by the National Vulnerability Database (NVD)
BigBlueButton BigBlueButton Version < 2.4
BigBlueButton BigBlueButton Version 2.4 Update alpha1
BigBlueButton BigBlueButton Version 2.4 Update alpha2
BigBlueButton BigBlueButton Version 2.4 Update beta1
BigBlueButton BigBlueButton Version 2.4 Update beta2
BigBlueButton BigBlueButton Version 2.4 Update beta3
BigBlueButton BigBlueButton Version 2.4 Update beta4
BigBlueButton BigBlueButton Version 2.4 Update rc1
BigBlueButton BigBlueButton Version 2.4 Update rc3
BigBlueButton BigBlueButton Version 2.4 Update rc4
BigBlueButton BigBlueButton Version 2.4 Update rc5
Further vulnerability information
System: BigBlueButton
Product: Server
Version >= 0.0.0, < 2.4-rc-6
Version >= 2.5-alpha-1.0, < 2.5-alpha-1
No warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.66% 0.465
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.7 1.2 1.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com 2.7 1.2 1.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6
Third Party Advisory
Release Notes
https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1
Third Party Advisory
Release Notes
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-88qf-33qm-9mm7
Patch
Third Party Advisory
Release Notes
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-88qf-33qm-9mm7
Third Party Advisory