bigbluebutton bigbluebutton vulnerabilities and exploits
NA
CVE-2020-27601
In BigBlueButton prior to 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.
Bigbluebutton Bigbluebutton
4
CVSSv2
CVE-2020-27604
BigBlueButton prior to 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arb...
Bigbluebutton Bigbluebutton
7.5
CVSSv2
CVE-2020-27605
BigBlueButton up to and including 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."
Bigbluebutton Bigbluebutton
5
CVSSv2
CVE-2020-27606
BigBlueButton prior to 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Bigbluebutton Bigbluebutton
4.3
CVSSv2
CVE-2020-27608
In BigBlueButton prior to 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
Bigbluebutton Bigbluebutton
5
CVSSv2
CVE-2020-27609
BigBlueButton up to and including 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.
Bigbluebutton Bigbluebutton
5
CVSSv2
CVE-2020-27610
The installation procedure in BigBlueButton prior to 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.
Bigbluebutton Bigbluebutton
7.5
CVSSv2
CVE-2020-27611
BigBlueButton up to and including 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.
Bigbluebutton Bigbluebutton
4
CVSSv2
CVE-2020-27612
Greenlight in BigBlueButton up to and including 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.
Bigbluebutton Bigbluebutton
4.6
CVSSv2
CVE-2020-27613
The installation procedure in BigBlueButton prior to 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
Bigbluebutton Bigbluebutton