CVE-2026-27466
中文标题:
(暂无数据)
英文标题:
BigBlueButton: Exposed ClamAV port enables Denial of Service
漏洞描述
中文描述:
(暂无数据)
英文描述:
BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server Customization" on Support for ClamAV as presentation file scanner contains instructions that leave a BBB server vulnerable for Denial of Service. The flawed command exposes both ports (3310 and 7357) to the internet. A remote attacker can use this to send complex or large documents to clamd and waste server resources, or shutdown the clamd process. The clamd documentation explicitly warns about exposing this port. Enabling ufw (ubuntu firewall) during install does not help, because Docker routes container traffic through the nat table, which is not managed or restricted by ufw. Rules installed by ufw in the filter table have no effect on docker traffic. In addition, the provided example also mounts /var/bigbluebutton with write permissions into the container, which should not be required. Future vulnerabilities in clamd may allow attackers to manipulate files in that folder. Users are unaffected unless they have opted in to follow the extra instructions from BigBlueButton's documentation. This issue has been fixed in version 3.0.22.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| bigbluebutton | bigbluebutton | < 3.0.22 | - | - |
cpe:2.3:a:bigbluebutton:bigbluebutton:<_3.0.22:*:*:*:*:*:*:*
|
| bigbluebutton | bigbluebutton | * | - | - |
cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (cna)
HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2026-27466 |
2026-02-22 03:19:44 | 2026-02-21 22:00:00 |
| NVD | nvd_CVE-2026-27466 |
2026-02-22 02:00:04 | 2026-02-21 22:00:01 |
版本与语言
安全公告
变更历史
查看详细变更
- affected_products_count: 1 -> 2
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']