1. Home
  2. CVE Database
  3. CVE-2022-29234
MEDIUM · 4.3

CVE-2022-29234

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s an...

Vulnerability Description

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s any lock setting in the meeting was changed. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
BigbluebuttonBigbluebutton>= 2.2.0, < 2.3.18

Related Weaknesses (CWE)

CWE-285

References

FAQ

What is CVE-2022-29234?

CVE-2022-29234 is a vulnerability with a CVSS score of 4.3 (MEDIUM). BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s an...

How severe is CVE-2022-29234?

CVE-2022-29234 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29234?

Check the references section above for vendor advisories and patch information. Affected products include: Bigbluebutton Bigbluebutton.