Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2020-27611
BigBlueButton up to and including 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2020-27612
Greenlight in BigBlueButton up to and including 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.
Bigbluebutton Bigbluebutton
8.4
CVSSv3
CVE-2020-27613
The installation procedure in BigBlueButton prior to 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2022-41960
BigBlueButton is an open source web conferencing system. Versions before 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim's userId, meetingId, and an...
Bigbluebutton Bigbluebutton
3.1
CVSSv3
CVE-2022-41963
BigBlueButton is an open source web conferencing system. Versions before 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by malicious users to take actions in the few seconds after their access is revoked. The at...
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2022-23490
BigBlueButton is an open source web conferencing system. Versions before 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the ...
Bigbluebutton Bigbluebutton
5.4
CVSSv3
CVE-2022-27238
BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a...
Bigbluebutton Bigbluebutton
6.1
CVSSv3
CVE-2021-4143
Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton before 2.4.0.
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2020-25820
BigBlueButton prior to 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
Bigbluebutton Bigbluebutton
3.7
CVSSv3
CVE-2020-29042
An issue exists in BigBlueButton up to and including 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
Bigbluebutton Bigbluebutton
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »