Home > Vulnerability Database > CVE-2022-41962

Mend.io Vulnerability Database

CVE-2022-41962

Good to know:

Date: December 16, 2022

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1There are no workarounds.

Language: JS

Severity Score

2.7

Related Resources (5)

Url: https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6

Url: https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-88qf-33qm-9mm7

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41962

Url: https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1

Url: https://www.mend.io/vulnerability-database/CVE-2022-41962

Severity Score

2.7

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version v2.4.0

Learn More

CVSS v3.1

Base Score:	2.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41962

Good to know:

Date: December 16, 2022

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?