Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-29236
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previous...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
8.8
CVSSv3
CVE-2023-42803
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validat...
Bigbluebutton Bigbluebutton 2.6.0
Bigbluebutton Bigbluebutton
5.3
CVSSv3
CVE-2023-42804
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain ex...
Bigbluebutton Bigbluebutton 2.6.0
Bigbluebutton Bigbluebutton
7.5
CVSSv3
CVE-2022-23488
BigBlueButton is an open source web conferencing system. Versions before 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an malicious user to subscribe to viewers...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2022-41960
BigBlueButton is an open source web conferencing system. Versions before 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim's userId, meetingId, and an...
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2020-25820
BigBlueButton prior to 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2020-27607
In BigBlueButton prior to 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store t...
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2020-28953
In BigBlueButton prior to 2.2.29, a user can vote more than once in a single poll.
Bigbluebutton Bigbluebutton
5.3
CVSSv3
CVE-2020-28954
web/controllers/ApiController.groovy in BigBlueButton prior to 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.
Bigbluebutton Bigbluebutton
3.7
CVSSv3
CVE-2020-29042
An issue exists in BigBlueButton up to and including 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
Bigbluebutton Bigbluebutton
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »