CVE-2024-39302 | BigBlueButton up to 2.6.17/2.7.7/3.0.0-alpha6 resque-2.6.0 privileges management (GHSA-5966-9hw8-q96q)

Posted by Angelo Barbosa | Jun 29, 2024 | CVE

A vulnerability was found in BigBlueButton up to 2.6.17/2.7.7/3.0.0-alpha6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0. The manipulation leads to improper privilege management.

This vulnerability is known as CVE-2024-39302. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-39302 | BigBlueButton up to 2.6.17/2.7.7/3.0.0-alpha6 resque-2.6.0 privileges management (GHSA-5966-9hw8-q96q)

Related Posts

CVE-2024-2441 | VikBooking Hotel Booking Engine & PMS Plugin up to 1.6.7 on WordPress Setting authorization

CVE-2024-45281 | SAP BusinessObjects Business Intelligence Platform 430 untrusted search path

CVE-2024-30528 | Spiffy Calendar Plugin up to 4.9.10 on WordPress authorization

CVE-2024-21879 | Enphase IQ Gateway prior 8.2.4225 URL Parameter command injection