Bigbluebutton: >> Bigbluebutton >> 2.2.27 Security Vulnerabilities
BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-10-21
The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-10-21
BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.
CVSS Score
7.3
EPSS Score
0.001
Published
2020-10-21
Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-10-21
The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
CVSS Score
8.4
EPSS Score
0.0
Published
2020-10-21
Page 4