CVE-2024-38273

June 18, 2024, 8:15 p.m.

Tags

CWE-284
patrick@puiterwijk.org
2024-06-18
CVE-2024-38273

Product(s) Impacted

BigBlueButton

Description

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.

Weaknesses

CWE-284
Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE ID: 284

Date

Published: June 18, 2024, 8:15 p.m.

Last Modified: June 18, 2024, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

patrick@puiterwijk.org

References

https://moodle.org/mod/forum/discuss.php?d=459498
patrick@puiterwijk.org