[RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton
Posted by RedTeam Pentesting GmbH on Oct 21
Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

RedTeam Pentesting discovered a vulnerability in the BigBlueButton web
conferencing system which allows participants of a conference with
permissions to upload presentations to read arbitrary files from the
file system and perform server-side requests. This leads to
administrative access to the BigBlueButton instance.

Details
=======
Product: BigBlueButton…