Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2023-42804
HistoryOct 30, 2023 - 7:15 p.m.

CVE-2023-42804

2023-10-3019:15:08
Google
osv.dev
7
bigbluebutton
path traversal
input validation
open-source
virtual classroom
software
security vulnerability

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds.

Related

cve 1
cvelist 1
prion 1
nvd 1
vulnrichment 1
cve
cve
CVE-2023-42804
2023-10-30 19:15:08
cvelist
cvelist
CVE-2023-42804 BigBlueButton Path Traversal – Reading Certain File Extensions
2023-10-30 18:14:41
prion
prion
Path traversal
2023-10-30 19:15:00
nvd
nvd
CVE-2023-42804
2023-10-30 19:15:08
vulnrichment
vulnrichment
CVE-2023-42804 BigBlueButton Path Traversal – Reading Certain File Extensions
2023-10-30 18:14:41

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON
Related for OSV:CVE-2023-42804
cve1cvelist1prion1nvd1vulnrichment1