CVE-2022-29169 - OpenCVE

Vendors	Products
Bigbluebutton	Bigbluebutton

Link	Resource
https://github.com/bigbluebutton/bigbluebutton/pull/14886	Patch Third Party Advisory
https://github.com/bigbluebutton/bigbluebutton/pull/14896	Patch Third Party Advisory
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-rwrv-p665-4vwp	Mitigation Patch Third Party Advisory

{"containers": {"cna": {"affected": [{"product": "bigbluebutton", "vendor": "bigbluebutton", "versions": [{"status": "affected", "version": ">= 2.2, < 2.3.19"}, {"status": "affected", "version": ">= 2.4.0, < 2.4.7"}, {"status": "affected", "version": ">= 2.5-alpha-1, < 2.5.0-beta.2"}]}], "descriptions": [{"lang": "en", "value": "BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup() ). This function handles input by regexing and attackers can abuse that by providing some ReDos payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-01T22:20:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-rwrv-p665-4vwp"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bigbluebutton/bigbluebutton/pull/14886"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bigbluebutton/bigbluebutton/pull/14896"}], "source": {"advisory": "GHSA-rwrv-p665-4vwp", "discovery": "UNKNOWN"}, "title": "ReDoS on endpoint html5client/useragent in BigBlueButton", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29169", "STATE": "PUBLIC", "TITLE": "ReDoS on endpoint html5client/useragent in BigBlueButton"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "bigbluebutton", "version": {"version_data": [{"version_value": ">= 2.2, < 2.3.19"}, {"version_value": ">= 2.4.0, < 2.4.7"}, {"version_value": ">= 2.5-alpha-1, < 2.5.0-beta.2"}]}}]}, "vendor_name": "bigbluebutton"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup() ). This function handles input by regexing and attackers can abuse that by providing some ReDos payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20: Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-rwrv-p665-4vwp", "refsource": "CONFIRM", "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-rwrv-p665-4vwp"}, {"name": "https://github.com/bigbluebutton/bigbluebutton/pull/14886", "refsource": "MISC", "url": "https://github.com/bigbluebutton/bigbluebutton/pull/14886"}, {"name": "https://github.com/bigbluebutton/bigbluebutton/pull/14896", "refsource": "MISC", "url": "https://github.com/bigbluebutton/bigbluebutton/pull/14896"}]}, "source": {"advisory": "GHSA-rwrv-p665-4vwp", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29169", "datePublished": "2022-06-01T22:20:12", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2022-06-01T22:20:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A9BA43E-5B7C-4B62-AE0E-72776BD3F281", "versionEndExcluding": "2.3.19", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DC6C975-3730-40C0-9FE1-EE4A40BCF98B", "versionEndExcluding": "2.4.7", "versionStartIncluding": "2.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "5380CCEF-88B8-43AA-A76E-18076B1CAE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha2:*:*:*:*:*:*", "matchCriteriaId": "B30DFF3F-F71E-4412-88F8-790A4A4F459B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha3:*:*:*:*:*:*", "matchCriteriaId": "F75A0FD2-BF0A-42AE-8D87-1A749BF1B47F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha4:*:*:*:*:*:*", "matchCriteriaId": "454FF756-9526-4A5E-A2A5-390393791F37", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha5:*:*:*:*:*:*", "matchCriteriaId": "F7AC4A50-4156-4856-B92D-09E128169D17", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha6:*:*:*:*:*:*", "matchCriteriaId": "2AB075EF-BD7A-4AD6-9B0E-2A0242198626", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "080771DC-2CB1-4397-B10E-3B267A476205", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup() ). This function handles input by regexing and attackers can abuse that by providing some ReDos payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory."}, {"lang": "es", "value": "BigBlueButton es un sistema de conferencias web de c\u00f3digo abierto. Las versiones a partir de 2.2 y anteriores a 2.3.19, 2.4.7 y 2.5.0-beta.2 son vulnerables a ataques de denegaci\u00f3n de servicio con expresiones regulares (ReDoS). Usando una RegularExpression espec\u00edfica, un atacante puede causar una denegaci\u00f3n de servicio para el servicio bbb-html5. La biblioteca useragent lleva a cabo una comprobaci\u00f3n del dispositivo al analizar la entrada del encabezado User-Agent y la hace pasar por lookupUserAgent() (alias de useragent.lookup() ). Esta funci\u00f3n maneja la entrada mediante regexing y atacantes pueden abusar de ello al proporcionar alguna carga \u00fatil ReDos usando \"SmartWatch\". Los mantenedores han eliminado \"htmlclient/useragent\" de las versiones 2.3.19, 2.4.7 y 2.5.0-beta.2. Como mitigaci\u00f3n, deshabilite que NginX reenv\u00ede las peticiones al administrador seg\u00fan las indicaciones del aviso de seguridad de GitHub"}], "id": "CVE-2022-29169", "lastModified": "2023-07-21T16:40:57.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-06-01T23:15:07.970", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/bigbluebutton/bigbluebutton/pull/14886"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/bigbluebutton/bigbluebutton/pull/14896"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-rwrv-p665-4vwp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1333"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

JSON object

JSON object

JSON object