CVE-2023-42803

Опубликовано: 30 окт. 2023

Источник: nvd

CVSS3: 5.3

CVSS3: 8.8

EPSS Низкий

Описание

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. BigBlueButton 2.6.0-beta.2 contains a patch. There are no known workarounds.

Ссылки

https://github.com/bigbluebutton/bigbluebutton/pull/15990
Third Party Advisory
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-w98f-6x8w-xhjc
Third Party Advisory
https://github.com/bigbluebutton/bigbluebutton/pull/15990
Third Party Advisory
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-w98f-6x8w-xhjc
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*

Версия до 2.5.18 (включая)

cpe:2.3:a:bigbluebutton:bigbluebutton:2.6.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:bigbluebutton:bigbluebutton:2.6.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:bigbluebutton:bigbluebutton:2.6.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:bigbluebutton:bigbluebutton:2.6.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:bigbluebutton:bigbluebutton:2.6.0:beta1:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00095

Низкий

5.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434

EPSS

Процентиль: 27%

0.00095

Низкий

5.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434