CVE-2024-39302

LOW Year: 2024
CVSS v3 Score
3.7
Low
Weakness Type
CWE-269
View all →

Vulnerability Description

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.

Related Vulnerabilities

CVE-2022-23485

LOW
CVSS:3.7(Low)

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow...

CWE-2692022

CVE-2024-46989

LOW
CVSS:3.7(Low)

spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the sam...

CWE-2692024

CVE-2024-51324

LOW
CVSS:3.8(Low)

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack.

CWE-2692024

CVE-2024-43446

LOW
CVSS:3.5(Low)

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0...

CWE-2692024

CVE-2019-4112

MEDIUM
CVSS:4.0(Medium)

IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.

CWE-2692019

CVE-2019-4174

MEDIUM
CVSS:4.0(Medium)

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.

CWE-2692019