PT-2026-60542 · Bigbluebutton · Bigbluebutton

CVE-2026-46351

·

Publicado

2026-07-16

·

Atualizado

2026-07-16

CVSS v3.1

8.1

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web generated conference sessionToken values with insufficiently secure randomness in bbb-common-web/src/main/java/org/bigbluebutton/api/Util.java and bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy, allowing a session user to predict other users' conference session tokens and impersonate them. This issue is fixed in version 3.0.21.

Correção

Use of Insufficiently Random Values

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-46351

Produtos afetados

Bigbluebutton