CVE-2023-43798 - OpenCVE

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Bigbluebutton	Bigbluebutton

Configuration 1 [-]

OR	cpe:2.3:a:bigbluebutton:bigbluebutton::::::::
	cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:alpha1::::::
	cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:alpha2::::::
	cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:alpha3::::::
	cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:beta1::::::
	cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:beta2::::::
	cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:beta3::::::

References

Link	Resource
https://github.com/bigbluebutton/bigbluebutton/pull/18494	Third Party Advisory
https://github.com/bigbluebutton/bigbluebutton/pull/18580	Third Party Advisory
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3q22-hph2-cff7	Third Party Advisory
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-h98v-2h8w-99c4	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-30T22:24:59.109Z

Updated: 2023-10-30T22:24:59.109Z

Reserved: 2023-09-22T14:51:42.340Z

Link: CVE-2023-43798

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-30T23:15:08.397

Modified: 2023-11-08T20:12:42.660

Link: CVE-2023-43798

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-43798", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-22T14:51:42.340Z", "datePublished": "2023-10-30T22:24:59.109Z", "dateUpdated": "2023-10-30T22:24:59.109Z"}, "containers": {"cna": {"title": "BigBlueButton Blind SSRF When Uploading Presentation (mitigation bypass)", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-h98v-2h8w-99c4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-h98v-2h8w-99c4"}, {"name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3q22-hph2-cff7", "tags": ["x_refsource_MISC"], "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3q22-hph2-cff7"}, {"name": "https://github.com/bigbluebutton/bigbluebutton/pull/18494", "tags": ["x_refsource_MISC"], "url": "https://github.com/bigbluebutton/bigbluebutton/pull/18494"}, {"name": "https://github.com/bigbluebutton/bigbluebutton/pull/18580", "tags": ["x_refsource_MISC"], "url": "https://github.com/bigbluebutton/bigbluebutton/pull/18580"}], "affected": [{"vendor": "bigbluebutton", "product": "bigbluebutton", "versions": [{"version": "< 2.6.12", "status": "affected"}, {"version": ">= 2.7.0-alpha.1, < 2.7.0-rc.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-30T22:24:59.109Z"}, "descriptions": [{"lang": "en", "value": "BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton."}], "source": {"advisory": "GHSA-h98v-2h8w-99c4", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*", "matchCriteriaId": "07AC33B9-3067-4848-B48D-ABDD7286DE51", "versionEndExcluding": "2.6.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C05D5D11-75BE-41FA-A62F-61F35B16BA9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "C23D21AA-EF44-4F61-9775-57E3AF206CEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "1E95E50E-3C1E-438A-BAEC-AE0DF69B2937", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "A7EC2B6A-1A13-40FE-85D6-30D596813394", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "5A7D33D7-AE88-4ED4-82A4-BCFA7E828AD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bigbluebutton:bigbluebutton:2.7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "49CCF586-942D-4B21-BFD2-486EF3FCDF7E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton."}, {"lang": "es", "value": "BigBlueButton es un aula virtual de c\u00f3digo abierto. BigBlueButton anterior a las versiones 2.6.12 y 2.7.0-rc.1 es vulnerable a Server-Side Request Forgery (SSRF). Este problema es una omisi\u00f3n de CVE-2023-33176. Un parche en las versiones 2.6.12 y 2.7.0-rc.1 deshabilit\u00f3 el redireccionamiento de seguimiento en `httpclient.execute` ya que el software ya no tiene que seguirlo cuando usa `finalUrl`. No se conocen workarounds. Recomendamos actualizar a una versi\u00f3n parcheada de BigBlueButton."}], "id": "CVE-2023-43798", "lastModified": "2023-11-08T20:12:42.660", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-30T23:15:08.397", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/bigbluebutton/bigbluebutton/pull/18494"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/bigbluebutton/bigbluebutton/pull/18580"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-3q22-hph2-cff7"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-h98v-2h8w-99c4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}