PT-2022-19486 · Unknown · Bigbluebutton

Authors: Juraj Somorovsky +2
Published: 2022-06-01 · Updated: 2024-03-08

CVE-2022-29236
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
BigBlueButton versions 2.2 through 2.3.17
BigBlueButton versions 2.4-rc-1 through 2.4-rc-5

Description
BigBlueButton is an open source web conferencing system. An attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced grace period. The attacker must be a meeting participant.

Recommendations
For BigBlueButton versions 2.2 through 2.3.17, update to version 2.3.18 to resolve the issue.
For BigBlueButton versions 2.4-rc-1 through 2.4-rc-5, update to version 2.4-rc-6 to resolve the issue.


Weakness Enumeration

Improper Authorization

Related Identifiers

CVE-2022-29236
GHSA-P93G-R9GM-9V6R

Affected Products

Bigbluebutton