BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an attacker to join a meeting as moderator using a join link that was originally created for viewer access. This vulnerability has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-06-28T20:25:40.743Z
Updated: 2024-08-02T04:12:25.127Z
Reserved: 2024-06-18T16:37:02.727Z
Link: CVE-2024-38518
Vulnrichment
Updated: 2024-08-02T04:12:25.127Z
NVD
Status : Awaiting Analysis
Published: 2024-06-28T21:15:03.180
Modified: 2024-07-01T12:37:24.220
Link: CVE-2024-38518
Redhat
No data.