CyberSec.Space Logo
Back to CVE Browser

CVE-2020-27605

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1610%
EPSS Percentile3.60th
PublishedOct 21, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."

Affected Platforms (CPE)

📦
Bigbluebutton

Bigbluebutton

<= 2.2.28

References & Advisories

🔗 https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html
🔗 https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html

Related Vulnerabilities

CVE-2020-276029.8

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.

CVE-2020-124439.8

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pd...

CVE-2020-261638.8

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a vict...

CVE-2020-276138.4

The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local...