PT-2022-19485 · Unknown · Bigbluebutton

Juraj Somorovsky +2 · Published 2022-06-01 · Updated 2024-03-08 · CVE-2022-29235

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

BigBlueButton versions 2.2 through 2.3.17
BigBlueButton versions 2.4-rc-1 through 2.4-rc-5

Description

BigBlueButton is an open source web conferencing system. An attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, such as the current timestamp and play/pause state. The problem has been patched by modifying the stream to send the data only to users in the meeting.

Recommendations

For BigBlueButton versions 2.2 through 2.3.17, update to version 2.3.18 or later.
For BigBlueButton versions 2.4-rc-1 through 2.4-rc-5, update to version 2.4-rc-6 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2022-29235
GHSA-X82P-J22F-V4Q6

Affected Products

Bigbluebutton