{"id":"CVE-2022-36029","summary":"BigBlueButton Greenlight Open Redirect vulnerability","details":"Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the `return_to` cookie is not checked. Version 2.13.0 contains a patch for the issue.\n","modified":"2026-04-14T04:24:05.620510Z","published":"2024-04-25T20:42:15.171Z","database_specific":{"unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"2.13.0"}]}],"cwe_ids":["CWE-601"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36029.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://huntr.com/bounties/ba5834bd-1f04-4936-8e93-2442d45403bahttps://"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36029.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36029"},{"type":"FIX","url":"https://github.com/bigbluebutton/greenlight/commit/20fe1ee71b5703fcc4ed698a959ad224fed19623"},{"type":"PACKAGE","url":"https://github.com/bigbluebutton/greenlight"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bigbluebutton/greenlight","events":[{"introduced":"0"},{"fixed":"3622a25e134eaea16eadc8795ebc05df9461ceeb"},{"fixed":"20fe1ee71b5703fcc4ed698a959ad224fed19623"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"2.13.0"}],"cpe":"cpe:2.3:a:bigbluebutton:greenlight:*:*:*:*:*:*:*:*"}}],"versions":["release-2.0.0","release-2.0.1","release-2.0.2","release-2.0.3","release-2.0.4","release-2.0.5","release-2.0.6","release-2.0.7","release-2.0.8","release-2.0.9","release-2.1.0","release-2.1.1","release-2.1.2","release-2.1.3","release-2.10.0","release-2.10.0.1","release-2.10.0.1-beta.1","release-2.10.0.2","release-2.10.0.3","release-2.11.0","release-2.11.1","release-2.11.2","release-2.12.0","release-2.
12.1","release-2.12.1.1","release-2.12.1.1-beta.1","release-2.12.2","release-2.12.2.1","release-2.12.3","release-2.12.4","release-2.12.5","release-2.12.6","release-2.12.6-beta.1","release-2.2.0","release-2.2.1","release-2.2.2","release-2.2.3","release-2.3.0","release-2.3.1","release-2.3.2","release-2.3.3","release-2.3.4","release-2.4","release-2.4-b1","release-2.4-b2","release-2.4-b3","release-2.4-rc1","release-2.4.1","release-2.4.2","release-2.4.2-rc.1","release-2.5","release-2.5-rc.1","release-2.5.1","release-2.5.2","release-2.5.3","release-2.5.5","release-2.5.6","release-2.6","release-2.6.1","release-2.6.2","release-2.6.3","release-2.6.4","release-2.6.5","release-2.7","release-2.7.1","release-2.7.10","release-2.7.11","release-2.7.12","release-2.7.13","release-2.7.14","release-2.7.15","release-2.7.15.1","release-2.7.16","release-2.7.17","release-2.7.18","release-2.7.19","release-2.7.2","release-2.7.20","release-2.7.3","release-2.7.4","release-2.7.5","release-2.7.6","release-2.7.7","release-2.7.8","release-2.7.9","release-2.8","release-2.8.1","release-2.8.2","release-2.8.2.1","release-2.8.2.2","release-2.8.3","release-2.8.4","release-2.8.5","release-2.8.6","release-2.8.7","release-2.9.0","release-2.9.1","release-2.9.2","release-2.9.3-beta.1","release-2.9.3-beta.2","release-2.9.3-beta.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36029.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}