Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-29236
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previous...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2022-41961
BigBlueButton is an open source web conferencing system. Versions before 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remainin...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
2.7
CVSSv3
CVE-2022-41962
BigBlueButton is an open source web conferencing system. Versions before 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should on...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
7.5
CVSSv3
CVE-2022-23488
BigBlueButton is an open source web conferencing system. Versions before 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an malicious user to subscribe to viewers...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2023-33176
BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. In affected versions are affected by a Server-Side Request Forgery (SSRF) vulnerability. In an `insertDocument` API request the user is able to supply a URL from which the presen...
Bigbluebutton Bigbluebutton
5.4
CVSSv3
CVE-2022-27238
BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a...
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2022-29234
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s any lock setting in the meeting was changed. The attacker needs to be a participan...
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2022-41960
BigBlueButton is an open source web conferencing system. Versions before 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim's userId, meetingId, and an...
Bigbluebutton Bigbluebutton
3.1
CVSSv3
CVE-2022-41963
BigBlueButton is an open source web conferencing system. Versions before 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by malicious users to take actions in the few seconds after their access is revoked. The at...
Bigbluebutton Bigbluebutton
6.1
CVSSv3
CVE-2021-4143
Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton before 2.4.0.
Bigbluebutton Bigbluebutton
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »