CVE-2020-27612

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.1440%

EPSS Percentile32.23th

Published2020年10月21日

Last Modified2024年11月21日

Vulnerability Description

Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.

Affected Platforms (CPE)

📦

Bigbluebutton

<= 2.2.28

References & Advisories

🔗 https://docs.bigbluebutton.org/admin/privacy.html

相关漏洞威胁

CVE-2020-276029.8

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.

CVE-2020-124439.8

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pd...

CVE-2020-276059.8

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks...

CVE-2020-261638.8

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a vict...