nvd-json-data-feeds/CVE-2022/CVE-2022-419xx/CVE-2022-41964.json

{
  "id": "CVE-2022-41964",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2022-12-16T18:15:08.407",
  "lastModified": "2022-12-21T18:51:17.913",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6
      },
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "C136F53E-2EC5-433F-B354-88DA37689142"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "626A8774-BC38-4F11-A16B-918EC8740C82"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "33735D00-C2AC-4FDA-B47B-B15D099F26F3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "98890F0C-2E60-4696-A6E5-F44FB2A1A5BD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "0C916210-11BF-4F4C-AE3E-29D27135F3F9"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "ABB37B70-021E-48F6-B3D2-0790A4729A3C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "407E0358-75E5-41D9-A624-3C15D2145DDE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "12259673-5B79-40E4-8B08-8CB3B9C1A5A9"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "EC135064-4919-4759-BC25-34C7868F6431"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A0173198-BFAB-49E5-898E-173503C452C2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "CCB8C413-ECD9-47BF-963C-B3A0F25A1BD8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "B8571BDD-2508-4C4F-864D-64BFBE7DC919"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.4:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "C210D3C3-6741-490D-966D-CE4D5F8A2C39"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0",
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-fgmj-rx7j-fqr4",
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    }
  ]
}