CVE-2020-27607
First published: Wed Oct 21 2020(Updated: )
In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bigbluebutton Bigbluebutton | <2.2.28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-27607?
CVE-2020-27607 is a vulnerability in BigBlueButton before version 2.2.28 (or earlier) that allows a modified server to store audio data.
How does the client-side Mute button work in BigBlueButton?
The client-side Mute button in BigBlueButton before version 2.2.28 only stops the server from accepting audio data, but does not stop the client from sending audio data to the server.
What is the severity of CVE-2020-27607?
CVE-2020-27607 has a severity rating of 6.5 (medium).
Which version of BigBlueButton is affected by CVE-2020-27607?
BigBlueButton before version 2.2.28 (or earlier) is affected by CVE-2020-27607.
Is there a fix available for CVE-2020-27607?
Updating BigBlueButton to version 2.2.28 or later will fix the CVE-2020-27607 vulnerability.
- collector/nvd-index
- agent/references
- agent/event
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/bigbluebutton
- canonical/bigbluebutton bigbluebutton