Vulnerabilities > CVE-2022-29232 - Unspecified vulnerability in Bigbluebutton
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds.
Vulnerable Configurations
References
- https://github.com/bigbluebutton/bigbluebutton/pull/12861
- https://github.com/bigbluebutton/bigbluebutton/pull/12861
- https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.3.9
- https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.3.9
- https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-beta-1
- https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-beta-1
- https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3fqh-p4qr-vfm9
- https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3fqh-p4qr-vfm9