Vulnerability Description
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
CVSS Score
3.7
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bigbluebutton | Bigbluebutton | <= 2.2.29 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/160238/BigBlueButton-2.2.29-Brute-Force.htmThird Party Advisory
- https://cxsecurity.com/issue/WLB-2020110210ExploitThird Party Advisory
- https://github.com/bigbluebutton/bigbluebutton/releasesRelease NotesThird Party Advisory
- http://packetstormsecurity.com/files/160238/BigBlueButton-2.2.29-Brute-Force.htmThird Party Advisory
- https://cxsecurity.com/issue/WLB-2020110210ExploitThird Party Advisory
- https://github.com/bigbluebutton/bigbluebutton/releasesRelease NotesThird Party Advisory
FAQ
What is CVE-2020-29042?
CVE-2020-29042 is a vulnerability with a CVSS score of 3.7 (LOW). An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
How severe is CVE-2020-29042?
CVE-2020-29042 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-29042?
Check the references section above for vendor advisories and patch information. Affected products include: Bigbluebutton Bigbluebutton.