CVE-2020-29042

{"id": "CVE-2020-29042", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2020-11-26T18:15:10.493", "references": [{"url": "http://packetstormsecurity.com/files/160238/BigBlueButton-2.2.29-Brute-Force.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cxsecurity.com/issue/WLB-2020110210", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/bigbluebutton/bigbluebutton/releases", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code."}, {"lang": "es", "value": "Se detect\u00f3 un problema en BigBlueButton versiones hasta 2.2.29. Un ataque de fuerza bruta puede ocurrir porque un n\u00famero ilimitado de c\u00f3digos puede ser ingresados para una reuni\u00f3n que est\u00e1 protegida por un c\u00f3digo de acceso"}], "lastModified": "2020-11-29T23:48:18.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02004AC1-A2BB-4587-B803-24A6B6D4751B", "versionEndIncluding": "2.2.29"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}