CVE-2020-26163

Published September 30th, 2020

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.

bigbluebutton/greenlight

A really simple end-user interface for your BigBlueButton server.

GitHub

845