← Back

CVE-2022-41964

nvd nist
Published: Dec 16, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.7
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.1 / Impact: 3.6
Source: NVD

Description

BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds.

Affected (13)

Bigbluebutton
1 product
Bigbluebutton
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Bigbluebutton
Bigbluebutton
Version 2.4 alpha1
Bigbluebutton
Version 2.4 alpha2
Bigbluebutton
Version 2.4 beta1
Bigbluebutton
Version 2.4 beta2
Bigbluebutton
Version 2.4 beta3
Bigbluebutton
Version 2.4 beta4
Bigbluebutton
Version 2.4 rc1
Bigbluebutton
Version 2.4 rc2
Bigbluebutton
Version 2.4 rc3
Bigbluebutton
Version 2.4 rc4
Bigbluebutton
Version 2.4 rc5
Bigbluebutton
Version 2.4 rc6
Bigbluebutton
Version 2.4 rc7

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: security-advisories@github.com
Release NotesThird Party Advisory
Source: security-advisories@github.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.