Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-38273

June 18, 2024, 8:15 p.m.

Product(s) Impacted

BigBlueButton

Description

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.

Weaknesses

CWE-284
Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE ID: 284

Date

Published: June 18, 2024, 8:15 p.m.

Last Modified: June 18, 2024, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

patrick@puiterwijk.org

References

https://moodle.org/ patrick@puiterwijk.org