CVE-2022-41964

EPSS 0.55%
Veröffentlicht 16.12.2022 18:15:08
Zuletzt bearbeitet 21.11.2024 07:24:09
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

BigBlueButton contains Response leaks in anonymous polls

Response leaks in anonymous polls

BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds.

Mögliche Gegenmaßnahme

Server: No Workarounds

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 13 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

BigBlueButton ≫ BigBlueButton Version2.4 Updatealpha1

BigBlueButton ≫ BigBlueButton Version2.4 Updatealpha2

BigBlueButton ≫ BigBlueButton Version2.4 Updatebeta1

BigBlueButton ≫ BigBlueButton Version2.4 Updatebeta2

BigBlueButton ≫ BigBlueButton Version2.4 Updatebeta3

BigBlueButton ≫ BigBlueButton Version2.4 Updatebeta4

BigBlueButton ≫ BigBlueButton Version2.4 Updaterc1

BigBlueButton ≫ BigBlueButton Version2.4 Updaterc2

BigBlueButton ≫ BigBlueButton Version2.4 Updaterc3

BigBlueButton ≫ BigBlueButton Version2.4 Updaterc4

BigBlueButton ≫ BigBlueButton Version2.4 Updaterc5

BigBlueButton ≫ BigBlueButton Version2.4 Updaterc6

BigBlueButton ≫ BigBlueButton Version2.4 Updaterc7

Weitere Schwachstelleninformationen

SystemBigBlueButton

≫

Produkt Server

Version >= 0.0.0, < 2.4.0

Version >= 2.5-alpha-1.0, < 2.5-alpha-1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.55%	0.417

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.7	2.1	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
security-advisories@github.com	5.7	2.1	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0

Third Party Advisory

Release Notes

https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-fgmj-rx7j-fqr4

Patch

Third Party Advisory

https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-fgmj-rx7j-fqr4

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-41964

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41964

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41964

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-41964