bbb-web API 附加参数已考虑（CVE-2024-38518）

admin

0
文章

0
评论

2024-06-30 22:20:33 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

bbb-web API 附加参数已考虑（CVE-2024-38518）

CVE编号

CVE-2024-38518

利用情况

暂无

补丁情况

N/A

披露时间

2024-06-29

漏洞描述

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an attacker to join a meeting as moderator using a join link that was originally created for viewer access. This vulnerability has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://github.com/bigbluebutton/bigbluebutton/commit/a9d436accdcd26ea66bed9f...
https://github.com/bigbluebutton/bigbluebutton/commit/ea6e9461dceae8fa593543d...
https://github.com/bigbluebutton/bigbluebutton/pull/20279
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4m48-...