漏洞标题
improper access control to voting votes
漏洞描述信息
投票选项的访问控制不当
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
漏洞类别
N/A
漏洞标题
Improper access control to polling votes
漏洞描述信息
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
漏洞类别
信息暴露
漏洞标题
BigBlueButton 安全漏洞
漏洞描述信息
BigBlueButton是BigBlueButton社区的一套开源的Web会议系统。 BigBlueButton 2.4.0之前版本存在安全漏洞,该漏洞源于将敏感信息暴露给未经授权的参与者,此问题会影响投票会议,其中攻击者是会议参与者。
CVSS信息
N/A
漏洞类别
其他