Vulnerabilities > CVE-2020-27605 - Unspecified vulnerability in Bigbluebutton

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

bigbluebutton

critical

NVD

Published: 2020-10-21

Updated: 2020-10-29

Summary

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."

Vulnerable Configurations

Part	Description	Count
Application	Bigbluebutton Bigbluebutton Bigbluebutton 2.2.7 Bigbluebutton Bigbluebutton 2.2.8 Bigbluebutton Bigbluebutton 2.2.25 Bigbluebutton Bigbluebutton 2.2.26 Bigbluebutton Bigbluebutton 2.2.27 Bigbluebutton Bigbluebutton 2.2.28	6

References

https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html