Description

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an attacker to join a meeting as moderator using a join link that was originally created for viewer access. This vulnerability has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.

INFO

Published Date :

2024-06-28T20:25:40.743Z

Last Modified :

2024-08-02T04:12:25.127Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-38518 vulnerability.

Vendors Products
Bigbluebutton
  • Bigbluebutton
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-38518.

URL Resource
https://github.com/bigbluebutton/bigbluebutton/commit/a9d436accdcd26ea66bed9f391488ac128cd62d1 cve-icon cve-icon cve-icon
https://github.com/bigbluebutton/bigbluebutton/commit/ea6e9461dceae8fa593543d8c686f77bb8677e72 cve-icon cve-icon cve-icon
https://github.com/bigbluebutton/bigbluebutton/pull/20279 cve-icon cve-icon cve-icon
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4m48-49h7-f3c4 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact