
CVE-2023-42803

nvd nist
Published: Oct 30, 2023
Modified: Nov 21, 2024

CVSS base score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. BigBlueButton 2.6.0-beta.2 contains a patch. There are no known workarounds.

Affected (6)

1 product
Bigbluebutton
Configuration A
6 vulnerable
Vulnerable Software: Bigbluebutton
Affected Versions:
Up to 2.5.18
Version 2.6.0 alpha1
Version 2.6.0 alpha2
Version 2.6.0 alpha3
Version 2.6.0 alpha4
Version 2.6.0 beta1

