VYPR
Unrated severityNVD Advisory· Published Jun 1, 2022· Updated Apr 23, 2025

Grace period for lock settings in public/private chats in BigBlueButton

CVE-2022-29234

Description

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s any lock setting in the meeting was changed. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Bigbluebutton/Bigbluebuttonllm-fuzzy2 versions
    >=2.2, <2.3.18 || >=2.2, <2.4.1+ 1 more
    • (no CPE)range: >=2.2, <2.3.18 || >=2.2, <2.4.1
    • (no CPE)range: >= 2.2, < 2.3.18

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.