BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. BigBlueButton 2.6.0-beta.2 contains a patch. There are no known workarounds.
References
| Link | Resource |
|---|---|
| https://github.com/bigbluebutton/bigbluebutton/pull/15990 | Third Party Advisory |
| https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-w98f-6x8w-xhjc | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-30T18:11:35.630Z
Updated: 2023-10-30T18:11:35.630Z
Reserved: 2023-09-14T16:13:33.306Z
Link: CVE-2023-42803
NVD Information
Status: Analyzed
Published: 2023-10-30T19:15:07.963
Modified: 2023-11-07T23:25:21.980
Link: CVE-2023-42803