Vulnerabilities > Bigbluebutton > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-30 | CVE-2023-42803 | Unspecified vulnerability in Bigbluebutton BigBlueButton is an open-source virtual classroom. | 8.8 |
| 2022-12-17 | CVE-2022-23488 | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 7.5 |
| 2022-06-01 | CVE-2022-29169 | Unspecified vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 7.5 |
| 2020-11-26 | CVE-2020-29043 | Information Exposure vulnerability in Bigbluebutton An issue was discovered in BigBlueButton through 2.2.29. | 7.5 |
| 2020-10-21 | CVE-2020-27613 | Cleartext Storage of Sensitive Information vulnerability in Bigbluebutton The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. | 8.4 |
| 2020-10-21 | CVE-2020-27611 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Bigbluebutton BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. | 7.3 |
| 2020-10-21 | CVE-2020-27610 | Unspecified vulnerability in Bigbluebutton The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. | 7.5 |
| 2020-10-21 | CVE-2020-27603 | Unspecified vulnerability in Bigbluebutton BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. | 7.5 |
| 2020-09-30 | CVE-2020-26163 | Unspecified vulnerability in Bigbluebutton Greenlight BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. | 8.8 |
| 2020-04-23 | CVE-2020-12112 | Path Traversal vulnerability in Bigbluebutton BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion. | 7.5 |