Vulnerability Details : CVE-2022-36028
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the `return_to` cookie is used as a redirect target without being validated, so an attacker who can set that cookie (for example via a crafted link that sets it before the victim logs in) can send the user to an arbitrary external site after login. Version 2.13.0 contains a patch for the issue.
Vulnerability category: Open redirect
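As an added illustration (this is not Greenlight's own code and not the contents of the fixing commit), the following Ruby contrasts the unchecked pattern the advisory describes with a validating check. Everything below is hypothetical: `safe_return_to`, `redirect_target_unchecked` and `redirect_target_checked` are names chosen for this example, `app_host` stands for the host the application is served on, and the cookie hashes are constructed sample input. It uses only the Ruby standard library so it runs without Rails.

```ruby
require "uri"

# Hypothetical helper (not Greenlight's code): decide whether a return_to
# value may be used as a redirect target for an application served on
# +app_host+. Returns the value when it is safe, or +fallback+ otherwise.
def safe_return_to(value, app_host:, fallback: "/")
  return fallback if value.nil? || value.strip.empty?

  # Reject control characters and whitespace: browsers strip some of these
  # before parsing, so "/\tevil.example" can become "//evil.example".
  return fallback if value.match?(/[\x00-\x20\x7f]/)

  # Same-site relative path: exactly one leading "/" and nothing that a
  # browser would read as a scheme-relative URL ("//host" or "/\host").
  if value.start_with?("/")
    return fallback if value.start_with?("//", "/\\")
    return value
  end

  # Anything else must be an absolute http(s) URL on our own host.
  # Relative paths without a leading "/" (e.g. "rooms/abc") have no scheme
  # and are rejected as well; callers should store absolute paths.
  begin
    uri = URI.parse(value)
  rescue URI::InvalidURIError
    return fallback
  end

  return fallback unless %w[http https].include?(uri.scheme)
  return fallback unless uri.host && uri.host.casecmp?(app_host)
  # "https://app@evil.example" already fails the host check; refusing any
  # userinfo keeps the accepted shape simple.
  return fallback if uri.userinfo

  value
end

# Unchecked pattern, as the advisory describes it: whatever is in the
# return_to cookie becomes the redirect target.
def redirect_target_unchecked(cookies)
  cookies["return_to"] || "/"
end

# Checked pattern: the cookie value must pass safe_return_to first.
def redirect_target_checked(cookies, app_host:)
  safe_return_to(cookies["return_to"], app_host: app_host)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample cookie jar, as an attacker might set it.
  cookies = { "return_to" => "https://evil.example/" }
  puts "unchecked: #{redirect_target_unchecked(cookies)}"
  puts "checked:   #{redirect_target_checked(cookies, app_host: 'greenlight.example')}"
end
```

The allow-list is deliberately narrow: a single-slash relative path or an absolute URL on the configured host, and everything else falls back to the site root. Denylisting known-bad prefixes instead tends to miss encodings such as `/\host` or tab-separated variants that browsers normalise away.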
Exploit prediction scoring system (EPSS) score for CVE-2022-36028
EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~31% (proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2022-36028
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 | GitHub, Inc. | 2024-04-25

Note that the only score on this page is the one published by GitHub. Its vector rates the issue as reachable with no user interaction (UI:N) and with high confidentiality and integrity impact (C:H/I:H), which is unusually severe for an open redirect; open redirects are more commonly scored as requiring user interaction (UI:R) with low confidentiality and integrity impact, so check other scoring sources before using 9.1 for prioritisation.
CWE ids for CVE-2022-36028
- The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. (Assigned by: security-advisories@github.com, Secondary)
References for CVE-2022-36028
- https://github.com/bigbluebutton/greenlight/commit/20fe1ee71b5703fcc4ed698a959ad224fed19623 (fixing commit: "Added additional check when redirecting with return_to (#3631)")
- https://huntr.com/bounties/ba5834bd-1f04-4936-8e93-2442d45403ba (huntr bounty report)