CVE-2024-38273

CVE-2024-38273: moodle: BigBlueButton web service leaks meeting joining information to users who should not have access

Vendor Moodle
Product Moodle
Weakness CWE-284
Published June 18, 2024
Last update February 13, 2025

CVSS base score

What the vulnerability does

01Description

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.

Key dates

02Disclosure timeline

June 18, 2024 CVE published
February 13, 2025 Record updated