Описание
BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed reactionEmojiId in the GraphQL mutation chatSendMessageReaction. Version 3.0.13 contains a patch. No known workarounds are available.
Ссылки
- Issue TrackingPatch
- ExploitVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.13 (исключая)
cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00075
Низкий
7.5 High
CVSS3
Дефекты
CWE-703
EPSS
Процентиль: 23%
0.00075
Низкий
7.5 High
CVSS3
Дефекты
CWE-703