2.7
CVE-2022-41962
- EPSS 0.05%
- Veröffentlicht 16.12.2022 13:15:09
- Zuletzt bearbeitet 21.11.2024 07:24:09
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginBigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1There are no workarounds.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BigBlueButton ≫ BigBlueButton Version < 2.4
BigBlueButton ≫ BigBlueButton Version2.4 Updatealpha1
BigBlueButton ≫ BigBlueButton Version2.4 Updatealpha2
BigBlueButton ≫ BigBlueButton Version2.4 Updatebeta1
BigBlueButton ≫ BigBlueButton Version2.4 Updatebeta2
BigBlueButton ≫ BigBlueButton Version2.4 Updatebeta3
BigBlueButton ≫ BigBlueButton Version2.4 Updatebeta4
BigBlueButton ≫ BigBlueButton Version2.4 Updaterc1
BigBlueButton ≫ BigBlueButton Version2.4 Updaterc3
BigBlueButton ≫ BigBlueButton Version2.4 Updaterc4
BigBlueButton ≫ BigBlueButton Version2.4 Updaterc5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.138 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
|
| security-advisories@github.com | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.