{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T03:55:40.145","vulnerabilities":[{"cve":{"id":"CVE-2022-41960","sourceIdentifier":"security-advisories@github.com","published":"2022-12-16T00:15:13.530","lastModified":"2024-11-21T07:24:09.460","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim's userId, meetingId, and an invalid authToken. This forces the victim to leave the conference, because the resulting verification failure is also observed and handled by the victim's client. The attacker must be a participant in any meeting on the server. This issue is patched in version 2.4.3. There are no workarounds."},{"lang":"es","value":"BigBlueButton es un sistema de conferencias web de código abierto. Las versiones anteriores a la 2.4.3 están sujetas a una verificación insuficiente de la autenticidad de los datos, lo que resulta en una Denegación de Servicio (DoS). Un atacante puede realizar una llamada Meteor a \"validateAuthToken\" utilizando el ID de usuario, el ID de reunión y un token de autenticación no válido de la víctima. Esto obliga a la víctima a abandonar la conferencia, porque el cliente de la víctima también observa y maneja el error de verificación resultante. El atacante debe participar en cualquier reunión en el servidor. Este problema se solucionó en la versión 2.4.3. No hay workaround."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.3","matchCriteriaId":"56A77DE5-1BFB-4B62-8C14-A2347B85F844"}]}]}],"references":[{"url":"https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.3","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-rgjp-3r74-g4cm","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.5-alpha-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-rgjp-3r74-g4cm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}}]}