Vulnerabilities > CVE-2022-29234 - Unspecified vulnerability in Bigbluebutton
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s any lock setting in the meeting was changed. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds.
Vulnerable Configurations
References
- https://github.com/bigbluebutton/bigbluebutton/pull/13850
- https://github.com/bigbluebutton/bigbluebutton/pull/13850
- https://github.com/bigbluebutton/bigbluebutton/pull/14265
- https://github.com/bigbluebutton/bigbluebutton/pull/14265
- https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.3.18
- https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.3.18
- https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.1
- https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.1
- https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-36vc-c338-6xjv
- https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-36vc-c338-6xjv