Username Information Leak in Greenlight BigBlueButton Integration

Username Information Leak in Greenlight BigBlueButton Integration

CVE-2020-27612 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.

Learn more about our User Device Pen Test.