CVE-2022-31039

Published: Jun 27, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in release version 2.12.6.

Affected (1)

Products: Bigbluebutton: Greenlight

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bigbluebutton Greenlight	Before 2.12.6

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://github.com/bigbluebutton/greenlight/pull/3508

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/bigbluebutton/greenlight/security/advisories/GHSA-phh8-3v6v-7498

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/bigbluebutton/greenlight/pull/3508

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/bigbluebutton/greenlight/security/advisories/GHSA-phh8-3v6v-7498

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.