4 matches found
CVE-2020-25820
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field...
CVE-2020-25820
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field...
CVE-2020-25820
CVE-2020-25820 — BigBlueButton before 2.2.7 allows remote authenticated users to read local files and perform server-side requests via an uploaded Office document containing a crafted URL in an ODF xlink field, enabling Arbitrary File Disclosure and SSRF. Affected product: BigBlueButton web confe...
BigBlueButton 2.2.25 File Disclosure / Server-Side Request Forgery
Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton RedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system which allows participants of a conference with permissions to upload presentations to read arbitrary files from the file...