CVE-2022-31039

Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in release version 2.12.6.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bigbluebutton:greenlight:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:03

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : 5.3
v2 : 5.0
v3 : 4.3
References () https://github.com/bigbluebutton/greenlight/pull/3508 - Patch, Third Party Advisory () https://github.com/bigbluebutton/greenlight/pull/3508 - Patch, Third Party Advisory
References () https://github.com/bigbluebutton/greenlight/security/advisories/GHSA-phh8-3v6v-7498 - Patch, Third Party Advisory () https://github.com/bigbluebutton/greenlight/security/advisories/GHSA-phh8-3v6v-7498 - Patch, Third Party Advisory

07 Jul 2022, 17:33

Type Values Removed Values Added
References (MISC) https://github.com/bigbluebutton/greenlight/pull/3508 - (MISC) https://github.com/bigbluebutton/greenlight/pull/3508 - Patch, Third Party Advisory
References (CONFIRM) https://github.com/bigbluebutton/greenlight/security/advisories/GHSA-phh8-3v6v-7498 - (CONFIRM) https://github.com/bigbluebutton/greenlight/security/advisories/GHSA-phh8-3v6v-7498 - Patch, Third Party Advisory
CPE cpe:2.3:a:bigbluebutton:greenlight:*:*:*:*:*:*:*:*
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 5.3

27 Jun 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-27 20:15

Updated : 2024-11-21 07:03


NVD link : CVE-2022-31039

Mitre link : CVE-2022-31039

CVE.ORG link : CVE-2022-31039


JSON object : View

Products Affected

bigbluebutton

  • greenlight
CWE
CWE-269

Improper Privilege Management

CWE-863

Incorrect Authorization