CVE-2020-26163
Summary
BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
References
Advisory Timeline
- Published