Unrated severityNVD Advisory· Published Dec 16, 2022· Updated Apr 17, 2025
BigBlueButton contains Incorrect Authorization for setting emoji status
CVE-2022-41962
Description
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1There are no workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.4-rc-6, <2.5-alpha-1+ 1 more
- (no CPE)range: <2.4-rc-6, <2.5-alpha-1
- (no CPE)range: <2.4-rc-6
Patches
Vulnerability mechanics
References
3- github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6mitrex_refsource_MISC
- github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1mitrex_refsource_MISC
- github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-88qf-33qm-9mm7mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.