1. Home
  2. CVE Database
  3. CVE-2022-29232
MEDIUM · 6.5

CVE-2022-29232

BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of publi...

Vulnerability Description

BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
BigbluebuttonBigbluebutton>= 2.2.0, < 2.3.9

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2022-29232?

CVE-2022-29232 is a vulnerability with a CVSS score of 6.5 (MEDIUM). BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of publi...

How severe is CVE-2022-29232?

CVE-2022-29232 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29232?

Check the references section above for vendor advisories and patch information. Affected products include: Bigbluebutton Bigbluebutton.