Vulnerabilities > CVE-2020-27609 - Incorrect Authorization vulnerability in Bigbluebutton

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
bigbluebutton
CWE-863

Summary

BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.

Common Weakness Enumeration (CWE)