PT-2022-19484 · Unknown · Bigbluebutton
Juraj Somorovsky +2
Published: 2022-06-01 · Updated: 2024-03-08
CVE-2022-29234
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
BigBlueButton versions 2.2 through 2.3.17
BigBlueButton version 2.4.0
Description
BigBlueButton is an open source web conferencing system. An attacker, who needs to be a participant in the meeting, could send messages to a locked chat within a 5-second grace period after the lock setting was changed.
Recommendations
For BigBlueButton versions 2.2 through 2.3.17, update to version 2.3.18 to resolve the issue.
For BigBlueButton version 2.4.0, update to version 2.4.1 to resolve the issue.
Weakness Enumeration
Improper Authorization
Affected Products
Bigbluebutton