Unrated severityNVD Advisory· Published Dec 16, 2022· Updated Apr 17, 2025

BigBlueButton contains Incorrect Authorization for setting emoji status

CVE-2022-41962

Description

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1There are no workarounds.

Affected products

Bigbluebutton/Bigbluebuttonv5
Range: <2.4-rc-6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6mitrex_refsource_MISC
github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1mitrex_refsource_MISC
github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-88qf-33qm-9mm7mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000