CVE-2020-27605

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1610%

EPSS Percentile3.60th

Published2020年10月21日

Last Modified2024年11月21日

Vulnerability Description

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."

Affected Platforms (CPE)

📦

Bigbluebutton

<= 2.2.28

References & Advisories

🔗 https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html

関連する脆弱性情報

CVE-2020-276029.8

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.

CVE-2020-124439.8

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pd...

CVE-2020-261638.8

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a vict...

CVE-2020-276138.4

The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local...