Lucene search
GoogleOSV:CVE-2023-43798HistoryOct 30, 2023 - 11:15 p.m.
CVE-2023-43798
2023-10-3023:15:08
Google
osv.dev
10
bigbluebutton
ssrf
server-side request forgery
open-source
virtual classroom
vulnerable
patched
upgrade
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at httpclient.execute since the software no longer has to follow it when using finalUrl. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton.
Related
vulnrichment
vulnrichment
cve
cve
CVE-2023-43798
2023-10-30 23:15:08
CVE-2023-33176
2023-06-26 20:15:10
prion
prion
Server side request forgery (ssrf)
2023-10-30 23:15:00
Server side request forgery (ssrf)
2023-06-26 20:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-43798
2023-10-30 23:15:08
CVE-2023-33176
2023-06-26 20:15:10
huntr
huntr
Blind SSRF When Uploading Presentation (mitigation bypass)
2023-08-01 16:23:09
osv
osv
CVE-2023-33176
2023-06-26 20:15:10