Vulmon
bigbluebutton bigbluebutton vulnerabilities and exploits
7.5
CVSSv3
CVE-2020-27603
BigBlueButton prior to 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.
Bigbluebutton Bigbluebutton
1 Github repository
7.5
CVSSv3
CVE-2020-27610
The installation procedure in BigBlueButton prior to 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.
Bigbluebutton Bigbluebutton
7.5
CVSSv3
CVE-2020-12112
BigBlueButton prior to 2.2.5 allows remote malicious users to obtain sensitive files via Local File Inclusion.
Bigbluebutton Bigbluebutton
1 Github repository
7.3
CVSSv3
CVE-2020-27611
BigBlueButton up to and including 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2023-33176
BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Affected versions are subject to a Server-Side Request Forgery (SSRF) vulnerability. In an `insertDocument` API request the user is able to supply a URL from which the presen...
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2022-29232
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a pa...
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.4
6.5
CVSSv3
CVE-2020-27604
BigBlueButton prior to 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arb...
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2020-27607
In BigBlueButton prior to 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store t...
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2020-25820
BigBlueButton prior to 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
Bigbluebutton Bigbluebutton
6.1
CVSSv3
CVE-2023-39991
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindside Networks BigBlueButton plugin <= 3.0.0-beta.4 versions.
Blindsidenetworks Bigbluebutton 3.0.0
Blindsidenetworks Bigbluebutton