{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T19:07:25.635","vulnerabilities":[{"cve":{"id":"CVE-2022-29234","sourceIdentifier":"security-advisories@github.com","published":"2022-06-02T00:15:08.290","lastModified":"2024-11-21T06:58:46.477","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s any lock setting in the meeting was changed. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds."},{"lang":"es","value":"BigBlueButton es un sistema de conferencias web de código abierto. A partir de la versión 2.2 y versiones hasta 2.3.18 y 2.4.1, un atacante podía enviar mensajes a un chat bloqueado dentro de un período de gracia de 5s después de la configuración del bloqueo. El atacante debe ser un participante en la reunión. Las versiones 2.3.18 y 2.4.1 contienen un parche para este problema. Actualmente no son conocidas mitigaciones"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.3.18","matchCriteriaId":"60814A0D-57C0-4407-B7DD-26A9D5C3DBB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4","versionEndExcluding":"2.4.1","matchCriteriaId":"B0BE662F-4DB9-457E-8C04-F16081946A64"}]}]}],"references":[{"url":"https://github.com/bigbluebutton/bigbluebutton/pull/13850","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/pull/14265","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.3.18","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.1","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-36vc-c338-6xjv","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/pull/13850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/pull/14265","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.3.18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-36vc-c338-6xjv","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}