BigBlueButton

BigBlueButton

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-23488

  • EPSS 0.07%
  • Veröffentlicht 17.12.2022 01:15:09
  • Zuletzt bearbeitet 21.11.2024 06:48:39

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker...

4.3

CVE-2022-23490

  • EPSS 0.08%
  • Veröffentlicht 16.12.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:48:40

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll...

5.7

CVE-2022-41964

  • EPSS 0.12%
  • Veröffentlicht 16.12.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:24:09

BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to s...

3.1

CVE-2022-41963

  • EPSS 0.05%
  • Veröffentlicht 16.12.2022 14:15:09
  • Zuletzt bearbeitet 21.11.2024 07:24:09

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their...

2.7

CVE-2022-41962

  • EPSS 0.05%
  • Veröffentlicht 16.12.2022 13:15:09
  • Zuletzt bearbeitet 21.11.2024 07:24:09

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for o...

4.3

CVE-2022-41961

  • EPSS 0.07%
  • Veröffentlicht 16.12.2022 13:15:08
  • Zuletzt bearbeitet 21.11.2024 07:24:09

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still jo...

4.3

CVE-2022-41960

  • EPSS 0.07%
  • Veröffentlicht 16.12.2022 00:15:13
  • Zuletzt bearbeitet 21.11.2024 07:24:09

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim'...

9.8

CVE-2020-27602

  • EPSS 0.51%
  • Veröffentlicht 29.09.2022 03:15:14
  • Zuletzt bearbeitet 21.11.2024 05:21:26

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.

3.5

CVE-2020-27601

  • EPSS 0.22%
  • Veröffentlicht 29.09.2022 03:15:14
  • Zuletzt bearbeitet 21.11.2024 05:21:25

In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.

6.1

CVE-2022-31065

  • EPSS 0.31%
  • Veröffentlicht 27.06.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:03:49

BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker (whose username cont...