CVE-2022-41963

Опубликовано: 16 дек. 2022

Источник: nvd

CVSS3: 2.7

CVSS3: 3.1

EPSS Низкий

Описание

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a meeting participant. This issue is patched in version 2.4.3 an version 2.5-alpha-1

Ссылки

https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.3
Release Notes
Third Party Advisory
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-v6p9-926c-6qfp
Patch
Release Notes
Third Party Advisory
https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.3
Release Notes
Third Party Advisory
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-v6p9-926c-6qfp
Patch
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*

Версия до 2.4.3 (исключая)

EPSS

Процентиль: 38%

0.00165

Низкий

2.7 Low

CVSS3

3.1 Low

CVSS3

Дефекты

CWE-281

EPSS

Процентиль: 38%

0.00165

Низкий

2.7 Low

CVSS3

3.1 Low

CVSS3

Дефекты

CWE-281