← Back

CVE-2022-29235

nvd nist
Published: Jun 2, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds.

Affected (11)

Bigbluebutton
1 product
Bigbluebutton
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Bigbluebutton
Bigbluebutton
From 2.2.0 to 2.3.18
Bigbluebutton
Version 2.4 alpha1
Bigbluebutton
Version 2.4 alpha2
Bigbluebutton
Version 2.4 beta1
Bigbluebutton
Version 2.4 beta2
Bigbluebutton
Version 2.4 beta3
Bigbluebutton
Version 2.4 beta4
Bigbluebutton
Version 2.4 rc1
Bigbluebutton
Version 2.4 rc3
Bigbluebutton
Version 2.4 rc4
Bigbluebutton
Version 2.4 rc5

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
Release NotesThird Party Advisory
Source: security-advisories@github.com
Release NotesThird Party Advisory
Source: security-advisories@github.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.