Vendor CVEs
Bigbluebutton
All CVEs
54 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-27606 | | | 0.00 | — | 0.01 | | Oct 21, 2020 | BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
| CVE-2020-27602 | | | 0.00 | — | 0.01 | | Oct 21, 2020 | BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. |
| CVE-2020-12443 | | | 0.00 | — | 0.04 | | Apr 29, 2020 | BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to… |
| CVE-2020-12113 | | | 0.00 | — | 0.01 | | Apr 23, 2020 | BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used. |
Page 2 of 2