CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.

@@ -133,9 +133,8 @@ const getPrivateGroupMessages = () => {  
const isChatLocked \= (receiverID) \=> { const isPublic \= receiverID \=== PUBLIC\_CHAT\_ID;  
const meeting \= Meetings.findOne({ meetingId: Auth.meetingID }, { fields: { 'lockSettingsProps.disablePublicChat': 1 } }); { fields: { 'lockSettingsProps.disablePublicChat': 1, 'lockSettingsProps.disablePrivateChat': 1 } }); const user \= Users.findOne({ meetingId: Auth.meetingID, userId: Auth.userID }, { fields: { locked: 1, role: 1 } }); const receiver \= Users.findOne({ meetingId: Auth.meetingID, userId: receiverID },

Headline

CVE-2020-27601: fix private chat lock not applying to already opened chats · bigbluebutton/bigbluebutton@7dcdfb1

CVE: Latest News