Main Vulnerability Database SB2023010414

SB2023010414 - Improper Preservation of Permissions in BigBlueButton

Published: January 4, 2023

Security Bulletin ID SB2023010414

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Preservation of Permissions (CVE-ID: CVE-2022-41963)

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to improper preservation of permissions in the whiteboard. A remote administrator can take actions in the few seconds after their access was revoked.

Remediation

Install update from vendor's website.

References

https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.3
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-v6p9-926c-6qfp