bigbluebutton bigbluebutton vulnerabilities and exploits
4.3
CVSSv3
CVE-2022-29233
BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but prior to 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of int...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
5.4
CVSSv3
CVE-2023-43798
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclien...
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.7.0
8.8
CVSSv3
CVE-2023-42803
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validat...
Bigbluebutton Bigbluebutton 2.6.0
Bigbluebutton Bigbluebutton
5.3
CVSSv3
CVE-2023-42804
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path to traverse and read other files without authentication, assuming the files have certain ex...
Bigbluebutton Bigbluebutton 2.6.0
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2020-28953
In BigBlueButton prior to 2.2.29, a user can vote more than once in a single poll.
Bigbluebutton Bigbluebutton
5.3
CVSSv3
CVE-2020-28954
web/controllers/ApiController.groovy in BigBlueButton prior to 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.
Bigbluebutton Bigbluebutton
3.7
CVSSv3
CVE-2020-29042
An issue exists in BigBlueButton up to and including 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2020-25820
BigBlueButton prior to 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2023-33176
BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Affected versions are affected by a Server-Side Request Forgery (SSRF) vulnerability. In an `insertDocument` API request the user is able to supply a URL from which the presen...
Bigbluebutton Bigbluebutton
7.5
CVSSv3
CVE-2020-12112
BigBlueButton prior to 2.2.5 allows remote malicious users to obtain sensitive files via Local File Inclusion.
Bigbluebutton Bigbluebutton
1 Github repository