Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Bigbluebutton Subscribe
Total 42 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12113 1 Bigbluebutton 1 Bigbluebutton 2020-09-30 4.3 MEDIUM 6.1 MEDIUM
BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.
CVE-2020-12443 1 Bigbluebutton 1 Bigbluebutton 2020-05-06 7.5 HIGH 9.8 CRITICAL
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is case-insensitive.