PT-2022-19482 · Unknown · Bigbluebutton

Juraj Somorovsky +2 · Published 2022-06-01 · Updated 2022-06-09 · CVE-2022-29232

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
BigBlueButton versions 2.2 through 2.3.8
BigBlueButton versions 2.4-beta before 2.4-beta-1

Description
BigBlueButton is an open source web conferencing system. An attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server, provided they are a participant in a meeting on the server.

Recommendations
For BigBlueButton versions 2.2 through 2.3.8, update to version 2.3.9 to resolve the issue.
For BigBlueButton versions 2.4-beta before 2.4-beta-1, update to version 2.4-beta-1 to resolve the issue.

Exploit

Fix

Information Disclosure

Related Identifiers

CVE-2022-29232
GHSA-3FQH-P4QR-VFM9

Affected Products

Bigbluebutton