CVE-2020-27601 - Exposure of Resource to Wrong Sphere vulnerability in BigBlueButton
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: LOW
- Integrity impact: NONE
- Availability impact: NONE
Summary
In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.
References
- https://github.com/bigbluebutton/bigbluebutton/commit/7dcdfb191373684bafa7b11cdd0128c9869040a1
- https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7