Vulnerabilities > CVE-2022-41964 - Unspecified vulnerability in Bigbluebutton 2.4

CVSS 5.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

bigbluebutton

NVD

Published: 2022-12-16

Updated: 2024-11-21

Summary

BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds.

Vulnerable Configurations

Part	Description	Count
Application	Bigbluebutton Bigbluebutton Bigbluebutton 2.4	13

References

https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0
https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-fgmj-rx7j-fqr4
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-fgmj-rx7j-fqr4