Vulnerability Description
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the `return_to` cookie is not checked. Version 2.13.0 contains a patch for the issue.
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bigbluebutton | Greenlight | < 2.13.0 |
Related Weaknesses (CWE)
References
- https://github.com/bigbluebutton/greenlight/commit/20fe1ee71b5703fcc4ed698a959ad (Patch)
- https://huntr.com/bounties/ba5834bd-1f04-4936-8e93-2442d45403ba (Broken Link, Third Party Advisory)
FAQ
What is CVE-2022-36029?
CVE-2022-36029 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the `return_to` cookie is not checked. Vers...
How severe is CVE-2022-36029?
CVE-2022-36029 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-36029?
Check the references section above for vendor advisories and patch information. Affected products include: Bigbluebutton Greenlight.