CVE-2022-41964 MEDIUM

CVE-2022-41964: BigBlueButton contains Response leaks in anonymous polls

Vendor Bigbluebutton

Product bigbluebutton

Weakness CWE-200 · Info exposure

Published December 16, 2022

Last update April 17, 2025

View on NVD All CVEs

CVSS base score

5.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds.

Key dates

02Disclosure timeline

December 16, 2022 CVE published

April 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-41964 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2022-41964: BigBlueButton contains Response leaks in anonymous polls

01Description

02Disclosure timeline

03References

04Related CVE