When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting. This flaw affects versions 4.2 to 4.2.2, 4.1 to 4.1.5 and 4.0 to 4.0.10.
https://moodle.org/mod/forum/discuss.php?d=451584
Created moodle tracking bugs for this issue: Affects: epel-7 [bug 2244904] Affects: fedora-all [bug 2244905]