Описание
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds.
Ссылки
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.2.0 (включая) до 2.3.9 (исключая)
Одно из
cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*
cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:alpha1:*:*:*:*:*:*
cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:alpha2:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00362
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
EPSS
Процентиль: 58%
0.00362
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200