Unrated severityNVD Advisory· Published Dec 16, 2022· Updated Apr 17, 2025
BigBlueButton contains Response leaks in anonymous polls
CVE-2022-41964
Description
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.4.0-rc+ 1 more
- (no CPE)range: <=2.4.0-rc
- (no CPE)range: >= 2.4-alpha-1, < 2.4.0
Patches
Vulnerability mechanics
References
2- github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0mitrex_refsource_MISC
- github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-fgmj-rx7j-fqr4mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.