PT-2022-26187 · Unknown · BigBlueButton
Credited: Juraj Somorovsky (+2)
Published: 2022-12-16 · Updated: 2022-12-20
CVE: CVE-2022-41963
CVSS v3.1: 2.7 (Low)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
BigBlueButton versions prior to 2.4.3
Description
BigBlueButton is an open source web conferencing system. Its whiteboard applies a grace period so that messages delayed in transit are still accepted after a permission change, but that same window lets a participant whose whiteboard access has just been revoked keep performing whiteboard actions for the few seconds after the revocation. The attacker must be a meeting participant.
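To make the weakness concrete, here is a constructed model of the two designs the description contrasts: a handler that honours a time-based grace window after revocation, beside one that evaluates permission at the moment an action is applied. This is an added illustration for this advisory, not BigBlueButton's code or its actual fix; the class, function and user names, the 5-second window and the timeline are all assumptions.

```python
# Constructed illustration for this advisory (not BigBlueButton's code or its
# actual fix): a whiteboard handler that keeps a time-based grace window after
# access is revoked, beside one that evaluates permission when the action is
# applied. Names, timings and messages are all assumptions.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

GRACE_SECONDS = 5.0  # assumed grace window for delayed (in-flight) messages


@dataclass
class WhiteboardMessage:
    user_id: str
    shape: str  # payload of the drawing action, kept opaque here


@dataclass
class WhiteboardState:
    # user_id -> time access was revoked; None means access is currently granted.
    # Users absent from the dict never had whiteboard access.
    revoked_at: Dict[str, Optional[float]] = field(default_factory=dict)
    shapes: List[str] = field(default_factory=list)
    # Audit trail of actions applied after revocation (user, seconds after revoke);
    # a defender can alert on any entry here, since each one is the window in use.
    applied_after_revoke: List[Tuple[str, float]] = field(default_factory=list)

    def grant(self, user_id: str) -> None:
        self.revoked_at[user_id] = None

    def revoke(self, user_id: str, now: float) -> None:
        self.revoked_at[user_id] = now


def handle_with_grace(state: WhiteboardState, msg: WhiteboardMessage, now: float) -> bool:
    """Vulnerable variant: a message from a revoked user is still applied if it
    arrives within GRACE_SECONDS of the revocation. The window exists for
    messages already in flight, but the server cannot tell those apart from
    messages the client sends fresh after losing access."""
    if msg.user_id not in state.revoked_at:
        return False  # never had access
    revoked = state.revoked_at[msg.user_id]
    if revoked is None:
        state.shapes.append(msg.shape)
        return True
    if now < revoked + GRACE_SECONDS:
        state.shapes.append(msg.shape)
        state.applied_after_revoke.append((msg.user_id, now - revoked))
        return True
    return False


def handle_strict(state: WhiteboardState, msg: WhiteboardMessage, now: float) -> bool:
    """Hardened variant: permission is evaluated at apply time and there is no
    grace window. A genuinely delayed message is dropped and the client
    re-synchronises from server state instead of the server trusting it."""
    if msg.user_id not in state.revoked_at or state.revoked_at[msg.user_id] is not None:
        return False  # never granted, or revoked
    state.shapes.append(msg.shape)
    return True


def simulate(handler) -> List[bool]:
    """Replay one constructed timeline: access granted, a legitimate action at
    t=10, revocation at t=11, a fresh action 1 s later and another 9 s later."""
    state = WhiteboardState()
    state.grant("alice")
    results = [handler(state, WhiteboardMessage("alice", "line-1"), now=10.0)]
    state.revoke("alice", now=11.0)
    results.append(handler(state, WhiteboardMessage("alice", "line-2"), now=12.0))
    results.append(handler(state, WhiteboardMessage("alice", "line-3"), now=20.0))
    return results


if __name__ == "__main__":
    print("grace window :", simulate(handle_with_grace))  # [True, True, False]
    print("strict check :", simulate(handle_strict))      # [True, False, False]
```

The second result in each list is the whole issue: with the grace window the action sent one second after revocation is applied; with the apply-time check it is not. Whatever tolerance a real system keeps for in-flight messages, the authorisation decision should be made against the permission that is current when the action is applied, not against a clock started at revocation.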
Recommendations
For versions prior to 2.4.3, update to version 2.4.3 or 2.5-alpha-1 to resolve the issue. As a temporary workaround, consider restricting access to the whiteboard feature for meeting participants until the update is applied.
Weakness Enumeration
Improper Preservation of Permissions (CWE-281)
Related Identifiers
CVE-2022-41963
Affected Products
BigBlueButton