CVE-2020-27609
First published: Wed Oct 21 2020(Updated: )
BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bigbluebutton Bigbluebutton | <=2.2.28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-27609?
CVE-2020-27609 is a vulnerability in BigBlueButton versions up to and including 2.2.28 that allows the recording of video meetings despite the deactivation of video recording in the user interface.
What is the severity of CVE-2020-27609?
The severity of CVE-2020-27609 is medium with a CVSS score of 5.3.
How does CVE-2020-27609 affect BigBlueButton?
CVE-2020-27609 affects BigBlueButton versions up to and including 2.2.28 by enabling the recording of video meetings even when video recording is deactivated.
How can I fix CVE-2020-27609?
To fix CVE-2020-27609, it is recommended to update BigBlueButton to a version beyond 2.2.28 and ensure that video recording is properly deactivated.
Where can I find more information about CVE-2020-27609?
More information about CVE-2020-27609 can be found in the references: [Reference 1](https://docs.bigbluebutton.org/admin/privacy.html) and [Reference 2](https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html).
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/bigbluebutton
- canonical/bigbluebutton bigbluebutton
- version/bigbluebutton bigbluebutton/2.2.28