Unrated severityNVD Advisory· Published Dec 16, 2022· Updated Apr 17, 2025

BigBlueButton contains Response leaks in anonymous polls

CVE-2022-41964

Description

BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds.

Affected products

Bigbluebutton/Bigbluebuttonv5
Range: >= 2.4-alpha-1, < 2.4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0mitrex_refsource_MISC
github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-fgmj-rx7j-fqr4mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000