Separator Injection Vulnerability in BigBlueButton by BigBlueButton Inc.
CVE-2020-27602
9.8CRITICAL
What is CVE-2020-27602?
BigBlueButton versions prior to 2.2.7 are susceptible to a separator injection vulnerability. This flaw occurs due to the lack of a protective mechanism in handling input values such as meetingId, userId, and authToken. Attackers could exploit this weakness to inject malicious data, potentially compromising session integrity and leading to unauthorized access within the application. Users are advised to upgrade to version 2.2.7 or later to mitigate the risks associated with this vulnerability.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved