CVE-2020-27602

Published September 29th, 2022

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

1

PROJECT

Description

BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.

bigbluebutton/bigbluebutton

A complete web conferencing system for virtual classes and more!

GitHub

9.17K