CVE-2020-27612: Infoleak
First published: Wed Oct 21 2020(Updated: )
Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bigbluebutton Bigbluebutton | <=2.2.28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2020-27612.
What is the severity of the CVE-2020-27612 vulnerability?
The severity of the CVE-2020-27612 vulnerability is medium with a severity value of 4.3.
What is the affected software version for CVE-2020-27612?
The affected software version for CVE-2020-27612 is BigBlueButton through 2.2.28.
What is the potential impact of CVE-2020-27612?
The potential impact of CVE-2020-27612 is an unintended information leak to users in a room or an information leak to outsiders if any user publishes a screenshot.
Is there a fix available for CVE-2020-27612?
Yes, there is a fix available. Please refer to the official documentation for BigBlueButton for more information.
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/references
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/bigbluebutton
- canonical/bigbluebutton bigbluebutton
- version/bigbluebutton bigbluebutton/2.2.28