Account Activation Bypass in BigBlueButton by Blindly Approving User Accounts
CVE-2020-29043
7.5 HIGH
What is CVE-2020-29043?
An issue in BigBlueButton versions up to 2.2.29 allows an attacker to abuse the account activation functionality. By manipulating the 'account_activations/edit?token=' URI, an attacker can create a user account linked to any email address, bypassing necessary validation checks. The result is unauthorized access to the platform and potential misuse of it.
