Description
Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions, an attacker can view any room's settings without being authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in release version 2.12.6.
References (2)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/bigbluebutton/greenlight/security/advisories/GHSA-phh8-3v6v-7498
Patch, Third Party Advisory x_refsource_misc
https://github.com/bigbluebutton/greenlight/pull/3508
Scores
CVSS v3: 4.3
EPSS: 0.0056
EPSS Percentile: 42.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-269, CWE-863
Status: published
Products (1)
bigbluebutton/greenlight < 2.12.6
Published: Jun 27, 2022
Tracked Since: Feb 18, 2026