PT-2022-20479 · Unknown · Greenlight

Published 2022-06-27 · Updated 2022-07-07 · CVE-2022-31039

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Greenlight versions prior to 2.12.6

Description

Greenlight is a simple front-end interface for a BigBlueButton server. In affected versions, an attacker can view any room's settings, even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings.

Recommendations

For versions prior to 2.12.6, update to release version 2.12.6 to resolve the issue.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization

Improper Privilege Management

Related Identifiers

CVE-2022-31039
GHSA-PHH8-3V6V-7498

Affected Products

Greenlight