An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/160239/BigBlueButton-2.2.29-E-mail-Validation-Bypass.html | Third Party Advisory |
https://cxsecurity.com/issue/WLB-2020110211 | Exploit Third Party Advisory |
https://github.com/bigbluebutton/bigbluebutton/releases | Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-26T17:49:43
Updated: 2020-11-28T18:06:30
Reserved: 2020-11-24T00:00:00
Link: CVE-2020-29043
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-26T18:15:10.633
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-29043
JSON object: View
Redhat Information
No data.
CWE