BigBlueButton Open Redirect Vulnerability in Versions Prior to 3.0.24

Vulnerability

A moderate open redirect vulnerability has been identified in BigBlueButton, an open-source virtual classroom platform. This issue affects versions through 3.0.23 and allows redirection to a malicious URL via the 'logoutURL' parameter in requests to 'bigbluebutton/api/join'. Version 3.0.24 addresses this vulnerability by changing how requests with incorrect checksums are handled: such requests now fall back to the configured default 'logoutURL' instead of honouring the caller-supplied value.
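The following is an added illustration of the behaviour change the advisory describes; it is not BigBlueButton's own code. It assumes a join-style API call whose checksum is a SHA-256 digest of the call name, the query string without the checksum parameter, and a shared secret (the digest layout, the secret, the default URL and the hostnames are all constructed for this example). The "before" function uses the 'logoutURL' parameter unconditionally; the "after" function uses it only when the checksum verifies and otherwise returns the default.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed values for this example; a real deployment's shared secret and
# default logout URL come from its configuration.
SHARED_SECRET = "constructed-demo-shared-secret"
DEFAULT_LOGOUT_URL = "https://bbb.example.invalid/"
CALL_NAME = "join"


def strip_checksum(query_string: str) -> str:
    """Return the raw query string with the checksum parameter removed."""
    return "&".join(
        p for p in query_string.split("&") if p and not p.startswith("checksum=")
    )


def compute_checksum(call_name: str, query_string: str, secret: str) -> str:
    """Assumed scheme: SHA-256 over callName + query (without checksum) + secret."""
    material = call_name + strip_checksum(query_string) + secret
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def checksum_is_valid(call_name: str, query_string: str, secret: str) -> bool:
    """Constant-time comparison of the supplied checksum against the expected one."""
    supplied = parse_qs(query_string).get("checksum", [""])[0]
    expected = compute_checksum(call_name, query_string, secret)
    return hmac.compare_digest(supplied, expected)


def logout_url_before_fix(query_string: str) -> str:
    # Behaviour the advisory describes for versions through 3.0.23: the
    # parameter is used even when the checksum does not verify, so a request
    # that nobody holding the shared secret signed still controls the redirect.
    return parse_qs(query_string).get("logoutURL", [DEFAULT_LOGOUT_URL])[0]


def logout_url_after_fix(query_string: str, secret: str = SHARED_SECRET) -> str:
    # Fixed behaviour: a failed checksum means the request was not produced by
    # a holder of the shared secret, so its logoutURL is untrusted input and
    # the configured default is used instead.
    if not checksum_is_valid(CALL_NAME, query_string, secret):
        return DEFAULT_LOGOUT_URL
    return parse_qs(query_string).get("logoutURL", [DEFAULT_LOGOUT_URL])[0]


def sign_join_request(params: dict, secret: str = SHARED_SECRET) -> str:
    """Build a signed join query string the way a trusted integration (LMS) would."""
    query = urlencode(params)
    return query + "&checksum=" + compute_checksum(CALL_NAME, query, secret)


if __name__ == "__main__":
    signed = sign_join_request(
        {"meetingID": "demo", "fullName": "Alice",
         "logoutURL": "https://lms.example.invalid/done"}
    )
    # Same request with the logoutURL changed after signing: checksum no longer matches.
    modified = signed.replace("lms.example.invalid", "untrusted.example.invalid")
    print("signed   ->", logout_url_after_fix(signed))
    print("modified ->", logout_url_before_fix(modified), "(before fix)")
    print("modified ->", logout_url_after_fix(modified), "(after fix)")
```

The detection-side takeaway is the same as the fix: any request whose checksum fails should be treated as unauthenticated, so none of its parameters, the redirect target included, should influence the response beyond an error.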

Impact

Exploitation of this vulnerability could lead to an open redirect, where a user is sent to a potentially harmful external URL.

Remediation

Users are advised to update to BigBlueButton version 3.0.24 or later, where this vulnerability has been patched.

Added: Apr 22, 2026, 12:37 AM
Updated: Apr 22, 2026, 12:37 AM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 0.2
exploitability: 6.4
remediation: 7.7
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.