CVE-2020-26163
N/A
N/A
Summary
BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.sakshamanand.com/host-header-injection-bigbluebutton/
- https://github.com/bigbluebutton/greenlight/releases/tag/release-2.5.6
- https://github.com/bigbluebutton/greenlight/pull/1543
References
- https://www.sakshamanand.com/host-header-injection-bigbluebutton/
- https://github.com/bigbluebutton/greenlight/releases/tag/release-2.5.6
- https://github.com/bigbluebutton/greenlight/pull/1543
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.