Vulnerabilities > CVE-2020-27601 - Exposure of Resource to Wrong Sphere vulnerability in Bigbluebutton

047910
CVSS 3.5 - LOW
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
bigbluebutton
CWE-668

Summary

In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.

Common Weakness Enumeration (CWE)