CVE-2022-31039: Improper privilege management - Anyone can view room settings in GreenLight
First published: Mon Jun 27 2022(Updated: )
Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in release version 2.12.6.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BigBlueButton Greenlight | <2.12.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-31039?
CVE-2022-31039 is a vulnerability in BigBlueButton Greenlight that allows unauthorized users to view a room's settings.
How does CVE-2022-31039 affect BigBlueButton Greenlight?
CVE-2022-31039 affects BigBlueButton Greenlight by allowing unauthorized users to view a room's settings.
What is the severity of CVE-2022-31039?
The severity of CVE-2022-31039 is medium with a CVSS score of 5.3.
How can an attacker exploit CVE-2022-31039?
An attacker can exploit CVE-2022-31039 by accessing the settings of a room they are not authorized to view.
How to fix CVE-2022-31039?
To fix CVE-2022-31039, it is recommended to update BigBlueButton Greenlight to a version higher than 2.12.6.
- collector/nvd-index
- agent/references
- agent/remedy
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- vendor/bigbluebutton
- canonical/bigbluebutton greenlight