How severe is CVE-2024-38518?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2024-38518?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2024-38518 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an attacker to join a meeting as moderator using a join link that was originally created for viewer access. This vulnerability has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.

Related Vulnerabilities

CVE-2015-8512

MEDIUM

CVSS:4.6(Medium)

The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering...

CWE-2842015

CVE-2016-4032

MEDIUM

CVSS:4.6(Medium)

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I...

CWE-2842016

CVE-2016-6769

MEDIUM

CVSS:4.6(Medium)

An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physica...

CWE-2842016

CVE-2022-25831

MEDIUM

CVSS:4.6(Medium)

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.

CWE-2842022

CVE-2022-36851

MEDIUM

CVSS:4.6(Medium)

Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.

CWE-2842022

CVE-2022-39900

MEDIUM

CVSS:4.6(Medium)

Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder th...

CWE-2842022