CVE-2020-29043

2020-11-2618:15:10

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

JSON

An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.

CPENameOperatorVersion
bigbluebuttoneq2.2.3
bigbluebuttoneq0.9.2
bigbluebuttoneq2.2-beta-6
bigbluebuttoneq0.8
bigbluebuttoneq2.2.17
bigbluebuttoneq2.2.24
bigbluebuttoneq2.2-beta-14
bigbluebuttoneq2.2-beta-8
bigbluebuttoneq2.2.1
bigbluebuttoneq2.2.28

Name	Operator	Version
bigbluebutton	eq	2.2.3
bigbluebutton	eq	0.9.2
bigbluebutton	eq	2.2-beta-6
bigbluebutton	eq	0.8
bigbluebutton	eq	2.2.17
bigbluebutton	eq	2.2.24
bigbluebutton	eq	2.2-beta-14
bigbluebutton	eq	2.2-beta-8
bigbluebutton	eq	2.2.1
bigbluebutton	eq	2.2.28