CVE-2020-12112

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-12112

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12112.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-12112

Published

2020-04-23T18:15:11.717Z

Modified

2025-11-14T10:11:04.928791Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion.

References

Affected packages

Git / github.com/bigbluebutton/bigbluebutton

Affected ranges

Type: GIT
Repo: https://github.com/bigbluebutton/bigbluebutton
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a3d5cbee1d95d3d4996eae02dbaa37967aba3166

Affected versions

0.*

0.81-dev-deskshare-fixes-compatible-with-0.8

2.*

2.2-beta-10

2.2-beta-11

2.2-beta-12

2.2-beta-14

2.2-beta-15

2.2-beta-16

2.2-beta-17

2.2-beta-18

2.2-beta-19

2.2-beta-2

2.2-beta-20

2.2-beta-21

2.2-beta-22

2.2-beta-23

2.2-beta-3

2.2-beta-4

2.2-beta-5

2.2-beta-6

2.2-beta-7

2.2-beta-8

2.2-beta-9

2.2-rc-1

2.2-rc-2

2.2-rc-4

2.2-rc-5

2.2-rc-6

Other

dcs-2-a

pre-recording-merge

v0.*

v0.7

v0.71

v0.71a

v0.8

v0.81

v0.81b

v0.81rc

v0.81rc2

v0.81rc3

v0.81rc4

v0.81rc5

v0.8b4

v0.8b4.0

v0.8rc2

v0.9.0-beta

v0.9.1

v0.9.2

v1.*

v1.0.0

v1.1.0

v2.*

v2.0-rc2

v2.0-rc3

v2.0-rc4

v2.0-rc5

v2.0-rc6

v2.0-rc7

v2.0.x-html5-beta1

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12112.json"