Description
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the `return_to` cookie is not checked. Version 2.13.0 contains a patch for the issue.
References (2)
Core 2
Core References
Broken Link, Third Party Advisory
https://huntr.com/bounties/ba5834bd-1f04-4936-8e93-2442d45403ba
https://
Scores
CVSS v3
9.1
EPSS
0.0008
EPSS Percentile
22.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-601
Status
published
Products (1)
bigbluebutton/greenlight
< 2.13.0
Published
Apr 25, 2024
Tracked Since
Feb 18, 2026