CVE-2022-41962 LOW

CVE-2022-41962: BigBlueButton contains Incorrect Authorization for setting emoji status

Vendor Bigbluebutton

Product bigbluebutton

Weakness CWE-863 · Incorrect authorization

Published December 16, 2022

Last update April 17, 2025

View on NVD All CVEs

CVSS base score

2.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1There are no workarounds.

Key dates

02Disclosure timeline

December 16, 2022 CVE published

April 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-41962

Related vulnerabilities

CVE-2022-41962: BigBlueButton contains Incorrect Authorization for setting emoji status

01Description

02Disclosure timeline

03References

04Related CVE