VYPR
Low severity 3.7 · OSV Advisory · Published Jun 28, 2024 · Updated Apr 15, 2026

CVE-2024-39302

Description

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.

Affected products

2
  • 2.2-beta-10, 2.2-beta-11, 2.2-beta-12, …+ 1 more
    • (no CPE) range: 2.2-beta-10, 2.2-beta-11, 2.2-beta-12, …
    • (no CPE) range: >=2.6.0, <2.6.18, <2.7.8, <3.0.0-alpha.7
