Vulnerabilities > Bigbluebutton
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-27606 | Unspecified vulnerability in Bigbluebutton BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.3 |
| 2020-10-21 | CVE-2020-27605 | Unspecified vulnerability in Bigbluebutton BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox." | 9.8 |
| 2020-10-21 | CVE-2020-27604 | Improper Encoding or Escaping of Output vulnerability in Bigbluebutton BigBlueButton before 2.3 does not implement LibreOffice sandboxing. | 6.5 |
| 2020-10-21 | CVE-2020-27603 | Unspecified vulnerability in Bigbluebutton BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. | 7.5 |
| 2020-10-21 | CVE-2020-25820 | Server-Side Request Forgery (SSRF) vulnerability in Bigbluebutton BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. | 6.5 |
| 2020-09-30 | CVE-2020-26163 | Unspecified vulnerability in Bigbluebutton Greenlight BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. | 8.8 |
| 2020-04-29 | CVE-2020-12443 | Path Traversal vulnerability in Bigbluebutton BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. | 9.8 |
| 2020-04-23 | CVE-2020-12113 | Cross-site Scripting vulnerability in Bigbluebutton BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used. | 6.1 |
| 2020-04-23 | CVE-2020-12112 | Path Traversal vulnerability in Bigbluebutton BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion. | 7.5 |