CVE-2020-28954

Published: Nov 19, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/bigbluebutton/bigbluebutton/compare/v2.2.28...v2.2.29

x_refsource_MISC

https://github.com/bigbluebutton/bigbluebutton/commit/e59bcd0c33a6a3203c011faa8823ba2cac1e4f37

x_refsource_MISC

https://github.com/bigbluebutton/bigbluebutton/issues/10818

x_refsource_MISC

https://github.com/bigbluebutton/bigbluebutton/commit/5c911ddeec4493f40f42e2f137800ed4692004a4

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-28954

Description

Affected Products

References