Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton bigbluebutton vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2020-27609
BigBlueButton up to and including 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.
Bigbluebutton Bigbluebutton
7.5
CVSSv3
CVE-2020-27610
The installation procedure in BigBlueButton prior to 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.
Bigbluebutton Bigbluebutton
7.3
CVSSv3
CVE-2020-27611
BigBlueButton up to and including 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2020-27612
Greenlight in BigBlueButton up to and including 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.
Bigbluebutton Bigbluebutton
8.4
CVSSv3
CVE-2020-27613
The installation procedure in BigBlueButton prior to 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
Bigbluebutton Bigbluebutton
6.1
CVSSv3
CVE-2021-4143
Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton before 2.4.0.
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2022-23490
BigBlueButton is an open source web conferencing system. Versions before 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the ...
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2022-29234
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s any lock setting in the meeting was changed. The attacker needs to be a participan...
Bigbluebutton Bigbluebutton
5.4
CVSSv3
CVE-2022-27238
BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a...
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2022-41960
BigBlueButton is an open source web conferencing system. Versions before 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim's userId, meetingId, and an...
Bigbluebutton Bigbluebutton
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »