exploitDog

CVE-2020-27607

Опубликовано: 21 окт. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 6.4

EPSS Низкий

Описание

In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties.

Ссылки

https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html
Exploit
Third Party Advisory
https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*

Версия до 2.2.28 (исключая)

EPSS

Процентиль: 45%

0.00225

Низкий

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-57h6-vpq8-cwg3

github

больше 3 лет назад

In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties.

EPSS

Процентиль: 45%

0.00225

Низкий

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo