CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-27602

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile13.22th
Published2022年9月29日
Last Modified2024年11月21日

Vulnerability Description

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.

Affected Platforms (CPE)

📦
Bigbluebutton

Bigbluebutton

< 2.2.7

References & Advisories

🔗 https://github.com/bigbluebutton/bigbluebutton/commit/4bfd924c64da2681f4c037026021f47eb189d717
🔗 https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7
🔗 https://github.com/bigbluebutton/bigbluebutton/commit/4bfd924c64da2681f4c037026021f47eb189d717
🔗 https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7

相關漏洞威脅

CVE-2020-276059.8

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks...

CVE-2020-124439.8

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pd...

CVE-2020-261638.8

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a vict...

CVE-2020-276138.4

The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local...