Vulnerabilities > Bigbluebutton > Bigbluebutton > 0.9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-19 | CVE-2021-4143 | Cross-site Scripting vulnerability in Bigbluebutton Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0. | 4.3 |
| 2020-11-26 | CVE-2020-29043 | Missing Authorization vulnerability in Bigbluebutton An issue was discovered in BigBlueButton through 2.2.29. | 5.0 |
| 2020-11-26 | CVE-2020-29042 | Improper Restriction of Excessive Authentication Attempts vulnerability in Bigbluebutton An issue was discovered in BigBlueButton through 2.2.29. | 4.3 |
| 2020-11-19 | CVE-2020-28954 | Improper Encoding or Escaping of Output vulnerability in Bigbluebutton web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. | 5.0 |
| 2020-11-19 | CVE-2020-28953 | Incorrect Permission Assignment for Critical Resource vulnerability in Bigbluebutton In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. | 4.0 |
| 2020-10-21 | CVE-2020-27613 | Cleartext Storage of Sensitive Information vulnerability in Bigbluebutton The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. | 4.6 |
| 2020-10-21 | CVE-2020-27612 | Information Exposure vulnerability in Bigbluebutton Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window. | 4.0 |
| 2020-10-21 | CVE-2020-27611 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Bigbluebutton BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. | 7.5 |
| 2020-10-21 | CVE-2020-27610 | Information Exposure vulnerability in Bigbluebutton The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. | 5.0 |
| 2020-10-21 | CVE-2020-27609 | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. | 5.0 |