Vulmon
bigbluebutton vulnerabilities and exploits
7.3
CVSSv3
CVE-2020-27611
BigBlueButton up to and including 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.
Bigbluebutton Bigbluebutton
8.4
CVSSv3
CVE-2020-27613
The installation procedure in BigBlueButton prior to 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
Bigbluebutton Bigbluebutton
7.5
CVSSv3
CVE-2020-12112
BigBlueButton prior to 2.2.5 allows remote malicious users to obtain sensitive files via Local File Inclusion.
Bigbluebutton Bigbluebutton
1 Github repository
6.1
CVSSv3
CVE-2020-12113
BigBlueButton prior to 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.
Bigbluebutton Bigbluebutton
7.5
CVSSv3
CVE-2020-29043
An issue exists in BigBlueButton up to and including 2.2.29. When an attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.
Bigbluebutton Bigbluebutton
3.5
CVSSv3
CVE-2020-27601
In BigBlueButton prior to 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.
Bigbluebutton Bigbluebutton
9.8
CVSSv3
CVE-2020-27602
BigBlueButton prior to 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2020-27604
BigBlueButton prior to 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arb...
Bigbluebutton Bigbluebutton
5.3
CVSSv3
CVE-2020-27606
BigBlueButton prior to 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Bigbluebutton Bigbluebutton
5.3
CVSSv3
CVE-2020-27609
BigBlueButton up to and including 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.
Bigbluebutton Bigbluebutton