CVE-2022-31064

Published Jun 27, 2022

Last updated 2 years ago

CVSS medium 5.4

Overview

Description: BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with xss in the name) starts a chat. in the victim's client the JavaScript will be executed. This issue has been addressed in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.
Source: security-advisories@github.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:N/I:P/A:N

Weaknesses

security-advisories@github.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E908036F-9DE8-4FE0-91D0-551180F18E45",
            "versionEndExcluding": "2.4.8",
            "versionStartIncluding": "2.4"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00E68199-1E2F-4EED-91DA-5F1D7EF1F2D5"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC4F5D2C-5425-4DCA-BE33-618EDFB75891"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5380CCEF-88B8-43AA-A76E-18076B1CAE94"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B30DFF3F-F71E-4412-88F8-790A4A4F459B"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F75A0FD2-BF0A-42AE-8D87-1A749BF1B47F"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "454FF756-9526-4A5E-A2A5-390393791F37"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7AC4A50-4156-4856-B92D-09E128169D17"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AB075EF-BD7A-4AD6-9B0E-2A0242198626"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "080771DC-2CB1-4397-B10E-3B267A476205"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3B75DB6-C8D6-4349-AD41-ED203F93623D"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:rc.1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6290761B-4651-4737-BEA8-D6CDFD09E9E8"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:rc.2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B33A1517-C060-4694-A534-E58776451A4A"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:rc.3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAEFCFE7-7A4A-4382-AA30-6069ED41D67B"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:rc.4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6166891D-220A-46A6-A149-76E802FC47D5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References