Description

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.

INFO

Published Date :

2024-06-28T20:51:59.312Z

Last Modified :

2024-08-02T04:19:20.698Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-39302 vulnerability.

Vendors Products
Bigbluebutton
  • Bigbluebutton
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-39302.

URL Resource
https://github.com/bigbluebutton/bigbluebutton/commit/04e916798b6b1f53f88513df3168f009b57b8f18 cve-icon cve-icon
https://github.com/bigbluebutton/bigbluebutton/commit/b9a46197ed924783f06a24381e923b3329b9c91a cve-icon cve-icon
https://github.com/bigbluebutton/bigbluebutton/commit/f4502e4927609374f5356f824f5dac0101f9976a cve-icon cve-icon
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-5966-9hw8-q96q cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact