CVE-2020-27607

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-27607

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27607.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-27607

Published

2020-10-21T15:15:27.170Z

Modified

2026-04-10T04:25:38.980123Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties.

References

https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html

Affected packages

Git / github.com/bigbluebutton/bigbluebutton

Affected ranges

Type

GIT

Repo

https://github.com/bigbluebutton/bigbluebutton

Events

Introduced

Fixed

563625097e7ebcef462a9e8001798ddb203f1810

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2.28"
        }
    ]
}

Affected versions

2.*

2.2-beta-10

2.2-beta-11

2.2-beta-12

2.2-beta-14

2.2-beta-15

2.2-beta-16

2.2-beta-17

2.2-beta-2

2.2-beta-3

2.2-beta-4

2.2-beta-5

2.2-beta-6

2.2-beta-7

2.2-beta-8

2.2-beta-9

2.2-rc-4

2.2-rc-5

2.2-rc-6

Other

dcs-2-a

v0.*

v0.8

v0.8b4

v0.8b4.0

v0.8rc2

v0.9.0-beta

v2.*

v2.2.0

v2.2.1

v2.2.10

v2.2.11-good

v2.2.12

v2.2.14

v2.2.15

v2.2.16

v2.2.17

v2.2.18

v2.2.19

v2.2.2

v2.2.20

v2.2.21

v2.2.22

v2.2.23

v2.2.24

v2.2.25

v2.2.26

v2.2.27

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27607.json"