Lucene search
GoogleOSV:CVE-2023-42803HistoryOct 30, 2023 - 7:15 p.m.
CVE-2023-42803
2023-10-3019:15:07
Google
osv.dev
5
bigbluebutton
virtual classroom
unrestricted file upload
insertdocument api
validation failures
software vulnerability
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. BigBlueButton 2.6.0-beta.2 contains a patch. There are no known workarounds.
Related
cve
cve
CVE-2023-42803
2023-10-30 19:15:07
vulnrichment
vulnrichment
CVE-2023-42803 BigBlueButton Unrestricted File Upload vulnerability
2023-10-30 18:11:35
prion
prion
Unrestricted file upload
2023-10-30 19:15:00
cvelist
cvelist
CVE-2023-42803 BigBlueButton Unrestricted File Upload vulnerability
2023-10-30 18:11:35
nvd
nvd
CVE-2023-42803
2023-10-30 19:15:07