CVE Daily
← All tags

Tag: Greenlight

All CVEs associated with "Greenlight". Page 1/1 • 7 CVEs.

About “Greenlight”

A curated feed of “Greenlight”-related CVEs appears below. We currently track 7 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 6.7 (all time), and 43% are rated High/Critical (all time). Top CWEs (all time): CWE-601 - URL Redirection to Untrusted Site ('Open Redirect'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-269 - Improper Privilege Management.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: greenlight

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
33.8.2-
22.14.10 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Greenlight”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-04-25
Critical

CVE-2022-36029

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Ver…

CVSS: 9.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Critical

CVE-2022-36028

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Ver…

CVSS: 9.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2022-06-27
Medium

CVE-2022-31039

Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room own…

CVSS: 4.3 CWE: CWE-269 - Improper Privilege Management View on NVD
2022-06-02
Medium

CVE-2022-26497

BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dia…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2020-10-22
Medium

CVE-2020-27642

A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2020-10-21
Medium

CVE-2020-27612

Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publis…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2020-09-30
High

CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.

CVSS: 8.8 CWE: N/A View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox