CVE-2024-39302
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-39302
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39302.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-39302
- Related
- Published
- 2024-06-28T21:15:03Z
- Modified
- 2025-07-02T00:32:21.642370Z
- Summary
- [none]
- Details
-
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the
/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7. - References
-
- https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-5966-9hw8-q96q
- https://github.com/bigbluebutton/bigbluebutton/commit/04e916798b6b1f53f88513df3168f009b57b8f18
- https://github.com/bigbluebutton/bigbluebutton/commit/b9a46197ed924783f06a24381e923b3329b9c91a
- https://github.com/bigbluebutton/bigbluebutton/commit/f4502e4927609374f5356f824f5dac0101f9976a
Affected packages
Git / github.com/bigbluebutton/bigbluebutton
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bigbluebutton/bigbluebutton
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
0.*
0.81-dev-deskshare-fixes-compatible-with-0.8
2.*
2.2-beta-10
2.2-beta-11
2.2-beta-12
2.2-beta-14
2.2-beta-15
2.2-beta-16
2.2-beta-17
2.2-beta-18
2.2-beta-19
2.2-beta-2
2.2-beta-20
2.2-beta-21
2.2-beta-22
2.2-beta-23
2.2-beta-3
2.2-beta-4
2.2-beta-5
2.2-beta-6
2.2-beta-7
2.2-beta-8
2.2-beta-9
2.2-rc-1
2.2-rc-2
2.2-rc-3
2.2-rc-4
2.2-rc-5
2.2-rc-6
2.4-rc-2
2.5.0-rc.3
Other
dcs-2-a
pre-recording-merge
v0.*
v0.7
v0.71
v0.71a
v0.8
v0.81
v0.81b
v0.81rc
v0.81rc2
v0.81rc3
v0.81rc4
v0.81rc5
v0.8b4
v0.8b4.0
v0.8rc2
v0.9.0-beta
v0.9.1
v0.9.2
v1.*
v1.0.0
v1.1.0
v2.*
v2.0-rc2
v2.0-rc3
v2.0-rc4
v2.0-rc5
v2.0-rc6
v2.0-rc7
v2.0.x-html5-beta1
v2.2.0
v2.2.1
v2.2.10
v2.2.11-good
v2.2.12
v2.2.14
v2.2.15
v2.2.16
v2.2.17
v2.2.18
v2.2.19
v2.2.2
v2.2.20
v2.2.21
v2.2.22
v2.2.23
v2.2.24
v2.2.25
v2.2.26
v2.2.27
v2.2.28
v2.2.29
v2.2.3
v2.2.30
v2.2.31
v2.2.32
v2.2.33
v2.2.34
v2.2.35
v2.2.36
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3-alpha-1
v2.3-alpha-2
v2.3-alpha-3
v2.3-alpha-4
v2.3-alpha-5
v2.3-alpha-6
v2.3-alpha-7
v2.3-alpha-8
v2.3-beta-1
v2.3-beta-2
v2.3-beta-3
v2.3-beta-4
v2.3-beta-5
v2.3-rc-1
v2.3-rc-2
v2.3.0
v2.3.1
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.14
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4-alpha-1
v2.4-alpha-2
v2.4-beta-1
v2.4-beta-2
v2.4-beta-3
v2.4-beta-4
v2.4-rc-1
v2.4-rc-3
v2.4-rc-4
v2.4-rc-5
v2.4-rc-6
v2.4-rc-7
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.5-alpha-1
v2.5-alpha-2
v2.5-alpha-3
v2.5-alpha-4
v2.5.0
v2.5.0-alpha.5
v2.5.0-alpha.6
v2.5.0-beta.1
v2.5.0-beta.2
v2.5.0-rc.1
v2.5.0-rc.2
v2.5.0-rc.4
v2.5.1
v2.5.10
v2.5.11
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.6.0
v2.6.0-alpha.1
v2.6.0-alpha.2
v2.6.0-alpha.3
v2.6.0-alpha.4
v2.6.0-beta.1
v2.6.0-beta.2
v2.6.0-beta.3
v2.6.0-beta.4
v2.6.0-beta.5
v2.6.0-beta.6
v2.6.0-beta.7
v2.6.0-rc.1
v2.6.0-rc.2
v2.6.0-rc.3
v2.6.0-rc.4
v2.6.0-rc.5
v2.6.0-rc.6
v2.6.0-rc.7
v2.6.0-rc.8
v2.6.0-rc.9
v2.6.1
v2.6.10
v2.6.11
v2.6.12
v2.6.14
v2.6.15
v2.6.16
v2.6.17
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.7.0
v2.7.0-alpha.1
v2.7.0-alpha.2
v2.7.0-alpha.3
v2.7.0-beta.1
v2.7.0-beta.2
v2.7.0-beta.3
v2.7.0-rc.1
v2.7.0-rc.2
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v3.*
v3.0.0-alpha.1
v3.0.0-alpha.2
v3.0.0-alpha.3
v3.0.0-alpha.4
v3.0.0-alpha.5
v3.0.0-alpha.6