BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds.
References
Link | Resource |
---|---|
https://github.com/bigbluebutton/bigbluebutton/pull/12861 | Patch Third Party Advisory |
https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.3.9 | Release Notes Third Party Advisory |
https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-beta-1 | Release Notes Third Party Advisory |
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3fqh-p4qr-vfm9 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-06-01T22:25:12
Updated: 2022-06-01T22:25:11
Reserved: 2022-04-13T00:00:00
Link: CVE-2022-29232
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-01T23:15:08.037
Modified: 2022-06-09T14:45:20.047
Link: CVE-2022-29232
JSON object: View
Redhat Information
No data.
CWE