PT-2022-26186 · Unknown · Bigbluebutton
Juraj Somorovsky +2 · Published 2022-12-16 · Updated 2022-12-20 · CVE-2022-41962
CVSS v3.1: 2.7 (Low)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
BigBlueButton versions prior to 2.4-rc-6
BigBlueButton versions prior to 2.5-alpha-1
Description
BigBlueButton is an open source web conferencing system. The issue is an Incorrect Authorization flaw in setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users, whereas moderators should only be able to set the status of other users to "none".
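The check described above, as an added illustration that is not BigBlueButton source code: a flawed authorization that looks only at the moderator role, beside a corrected one that also constrains the value a moderator may set for someone else. All function names, role strings, user ids and emoji names are hypothetical, and it is an assumption that users may freely set their own status.

```javascript
// Added illustration; hypothetical names, not BigBlueButton source code.
const CLEARED = "none"; // the cleared status named in the description

// Flawed check: the moderator role alone authorizes the change, so the
// requested emoji value for another user is never examined.
function canSetEmojiFlawed(requester, targetId, emoji) {
  return requester.id === targetId || requester.role === "MODERATOR";
}

// Corrected check: the decision depends on the target AND on the value.
function canSetEmojiFixed(requester, targetId, emoji) {
  if (typeof emoji !== "string" || emoji.length === 0) return false;
  if (requester.id === targetId) return true;       // own status (assumed allowed)
  if (requester.role !== "MODERATOR") return false; // viewers cannot change others
  return emoji === CLEARED;                         // moderators may only clear
}

// Apply a request to an in-memory meeting state using the given check.
function applyEmojiRequest(check, state, requesterId, targetId, emoji) {
  const requester = state.users[requesterId];
  const target = state.users[targetId];
  if (!requester || !target) return { ok: false, reason: "unknown user" };
  if (!check(requester, targetId, emoji)) {
    return { ok: false, reason: "not authorized" };
  }
  target.emoji = emoji;
  return { ok: true };
}

// Constructed sample state: one moderator, one viewer with a raised hand.
function sampleState() {
  return {
    users: {
      m1: { id: "m1", role: "MODERATOR", emoji: "none" },
      v1: { id: "v1", role: "VIEWER", emoji: "raiseHand" },
    },
  };
}
```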
Recommendations
For versions prior to 2.4-rc-6, update to version 2.4-rc-6 or later to resolve the issue.
For versions prior to 2.5-alpha-1, update to version 2.5-alpha-1 or later to resolve the issue.
Weakness Enumeration
Incorrect Authorization
Affected Products
Bigbluebutton