2 matches found
CVE-2023-43798
CVE-2023-43798 affects BigBlueButton prior to 2.6.12 and 2.7.0-rc.1, enabling Server-Side Request Forgery (SSRF) and bypassing CVE-2023-33176. The root cause is improper handling of redirects in the HTTP client during presentation URL download, which allowed unvalidated external URLs to be used i...
CVE-2023-43798 BigBlueButton Blind SSRF When Uploading Presentation (mitigation bypass)
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery SSRF. This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at httpclient.execute since the...