BigBlueButton 2.2.25 File Disclosure / Server-Side Request Forgery
Posted by deepcore on October 22, 2020 – 4:35 pm
RedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system version 2.2.25 that allows participants of a conference with permissions to upload presentations to read arbitrary files from the file system and perform server-side requests. This leads to administrative access to the BigBlueButton instance.
Post a reply
You must be logged in to post a comment.