Known Vulnerabilities for products from Bigbluebutton
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Bigbluebutton".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23490 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.3 - MEDIUM | 2022-12-16 | 2023-11-07 |
| CVE-2022-23488 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-12-17 | 2023-11-07 |
| CVE-2020-29043 | An issue was discovered in BigBlueButton through 2.2.29. When an attacker is able to view an account_activations/edit?token= ... | 7.5 - HIGH | 2020-11-26 | 2021-07-21 |
| CVE-2020-29042 | An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes ... | 3.7 - LOW | 2020-11-26 | 2020-11-29 |
| CVE-2020-28954 | web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by ... | 5.3 - MEDIUM | 2020-11-19 | 2020-11-29 |
| CVE-2020-28953 | In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. | 4.3 - MEDIUM | 2020-11-19 | 2021-07-21 |
| CVE-2020-27642 | A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlig... | 6.1 - MEDIUM | 2020-10-22 | 2020-10-27 |
| CVE-2020-27613 | The installation procedure in BigBlueButton before 2.2.17 uses ClueCon as the FreeSWITCH password, which allows local users t... | 8.4 - HIGH | 2020-10-21 | 2020-10-29 |
| CVE-2020-27612 | Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak ... | 4.3 - MEDIUM | 2020-10-21 | 2020-10-29 |
| CVE-2020-27611 | BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. | 7.3 - HIGH | 2020-10-21 | 2022-06-15 |
| CVE-2020-27610 | The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interface... | 7.5 - HIGH | 2020-10-21 | 2021-07-21 |
| CVE-2020-27609 | BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This ... | 5.3 - MEDIUM | 2020-10-21 | 2020-10-29 |
| CVE-2020-27608 | In BigBlueButton before 2.2.6, uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as... | 6.1 - MEDIUM | 2020-10-21 | 2020-10-29 |
| CVE-2020-27607 | In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting... | 6.5 - MEDIUM | 2020-10-21 | 2020-10-29 |
| CVE-2020-27606 | BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes... | 5.3 - MEDIUM | 2020-10-21 | 2020-10-29 |
| CVE-2020-27605 | BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to at... | 9.8 - CRITICAL | 2020-10-21 | 2020-10-29 |
| CVE-2020-27604 | BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users ... | 6.5 - MEDIUM | 2020-10-21 | 2020-10-30 |
| CVE-2020-27603 | BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external ... | 7.5 - HIGH | 2020-10-21 | 2020-10-29 |
| CVE-2020-27602 | BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. | 9.8 - CRITICAL | 2022-09-29 | 2022-10-03 |
| CVE-2020-27601 | In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bi... | 3.5 - LOW | 2022-09-29 | 2022-10-03 |
Known software with vulnerabilities from Bigbluebutton
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Bigbluebutton | Bigbluebutton | - |
| Application | Bigbluebutton | Greenlight | - |