CVE-2020-27601

LOW

BigBlueButton <2.2.7 - Info Disclosure

Title source: llm

Description

In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.

References (2)

[Patch, Third Party Advisory] https://github.com/bigbluebutton/bigbluebutton/commit/7dcdfb191373684bafa7b11cdd0128c9869040a1

View Patch ZIP pw:eip

[Release Notes, Third Party Advisory] https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.6...v2.2.7

Scores

CVSS v3 3.5

EPSS 0.0022

EPSS Percentile 44.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (1)

bigbluebutton/bigbluebutton < 2.2.7

Timeline

Published Sep 29, 2022

Tracked Since Feb 18, 2026