BigBlueButton subject to Ineffective user bans

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered users from the same extId. This issue has been fixed by improving permissions such that banning a user removes all users related to their extId, including registered users that have not joined the meeting. This issue is patched in versions 2.4-rc-6 and 2.5-alpha-1. There are no workarounds.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

源验证错误

BigBlueButton 访问控制错误漏洞

BigBlueButton是BigBlueButton社区的一套开源的Web会议系统。 BigBlueButton 2.4-rc-6 之前版本存在访问控制错误漏洞，该漏洞源于受到无效用户禁令的约束，攻击者利用该漏洞可以注册多个用户，并与其中之一一起加入会议。

N/A

N/A