Improper access control in BigBlueButton - CVE-2022-29232

 


Published: June 2, 2022 / Updated: May 18, 2026


Vulnerability identifier: #VU131759
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-29232
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Blindside Networks
Affected software: BigBlueButton

Detailed vulnerability description

The vulnerability allows a remote user to disclose the content of public chat messages from different meetings on the server.

The vulnerability exists because access controls on public chat messages are not properly enforced across meetings. A remote user who participates in a meeting on the server can disclose the content of public chat messages from different meetings on the same server.


How to mitigate CVE-2022-29232

Install the security update from the vendor's website.
