CVE-2020-27612 Information

Description

Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs which may represent an unintended information leak to users in a room or an information leak to outsiders if any user publishes a screenshot of a browser window.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://docs.bigbluebutton.org/admin/privacy.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3