Unrated severity · NVD Advisory · Published Oct 21, 2020 · Updated Aug 4, 2024
CVE-2020-27604
Description
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arbitrary meeting regardless of its guestPolicy setting.
Affected products
- BigBlueButton/BigBlueButton
- Range: <2.3
References
- docs.bigbluebutton.org/dev/api.html (mitre, x_refsource_MISC)
- www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html (mitre, x_refsource_MISC)