CVE-2022-41964

Published Dec 16, 2022

Last updated 2 years ago

CVSS medium 5.7

Overview

Description: BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds.
Source: security-advisories@github.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.7
Impact score: 3.6
Exploitability score: 2.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

security-advisories@github.com: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C136F53E-2EC5-433F-B354-88DA37689142"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "626A8774-BC38-4F11-A16B-918EC8740C82"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33735D00-C2AC-4FDA-B47B-B15D099F26F3"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98890F0C-2E60-4696-A6E5-F44FB2A1A5BD"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C916210-11BF-4F4C-AE3E-29D27135F3F9"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABB37B70-021E-48F6-B3D2-0790A4729A3C"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "407E0358-75E5-41D9-A624-3C15D2145DDE"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12259673-5B79-40E4-8B08-8CB3B9C1A5A9"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC135064-4919-4759-BC25-34C7868F6431"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0173198-BFAB-49E5-898E-173503C452C2"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCB8C413-ECD9-47BF-963C-B3A0F25A1BD8"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8571BDD-2508-4C4F-864D-64BFBE7DC919"
          },
          {
            "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C210D3C3-6741-490D-966D-CE4D5F8A2C39"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References