CVE-2022-23490

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds.

Related Vulnerabilities

CVE-2011-1934

MEDIUM
CVSS:4.3(Medium)

lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.

CWE-2002011

CVE-2012-1158

MEDIUM
CVSS:4.3(Medium)

Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export

CWE-2002012

CVE-2012-1159

MEDIUM
CVSS:4.3(Medium)

Moodle before 2.2.2: Overview report allows users to see hidden courses

CWE-2002012

CVE-2012-1161

MEDIUM
CVSS:4.3(Medium)

Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results

CWE-2002012

CVE-2012-5570

MEDIUM
CVSS:4.3(Medium)

The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.

CWE-2002012

CVE-2013-4317

MEDIUM
CVSS:4.3(Medium)

In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their ...

CWE-2002013