PT-2020-16722 · Bigbluebutton · Bigbluebutton
Published: 2020-10-21 · Updated: 2020-10-29 · CVE-2020-27612
CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
BigBlueButton versions 2.2.8 through 2.2.28
Description
The issue concerns an unintended information leak. Usernames are placed in room URLs, which may leak information to users in the same room or to outsiders if a user publishes a screenshot of a browser window.
Recommendations
For versions 2.2.8 through 2.2.28, consider restricting access to room URLs to minimize the risk of information leakage. As a temporary workaround, advise users against publishing screenshots of browser windows that may contain room URLs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Affected Products
Bigbluebutton