1. Home
  2. CVE Database
  3. CVE-2022-29233
MEDIUM · 4.3

CVE-2022-29233

BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout ro...

Vulnerability Description

BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
BigbluebuttonBigbluebutton>= 2.2.0, < 2.3.18

Related Weaknesses (CWE)

CWE-285

References

FAQ

What is CVE-2022-29233?

CVE-2022-29233 is a vulnerability with a CVSS score of 4.3 (MEDIUM). BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout ro...

How severe is CVE-2022-29233?

CVE-2022-29233 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29233?

Check the references section above for vendor advisories and patch information. Affected products include: Bigbluebutton Bigbluebutton.