Vulnerability Description
An issue was discovered in BigBlueButton through 2.2.29. When an attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bigbluebutton | Bigbluebutton | <= 2.2.29 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/160239/BigBlueButton-2.2.29-E-mail-Validati (Third Party Advisory)
- https://cxsecurity.com/issue/WLB-2020110211 (Exploit, Third Party Advisory)
- https://github.com/bigbluebutton/bigbluebutton/releases (Release Notes, Third Party Advisory)
FAQ
What is CVE-2020-29043?
CVE-2020-29043 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in BigBlueButton through 2.2.29. When an attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an em...
How severe is CVE-2020-29043?
CVE-2020-29043 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-29043?
Check the references section above for vendor advisories and patch information. Affected products include: Bigbluebutton Bigbluebutton.