Posted by RedTeam Pentesting GmbH on Oct 21
Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton
RedTeam Pentesting discovered a vulnerability in the BigBlueButton web
conferencing system which allows participants of a conference with
permissions to upload presentations to read arbitrary files from the
file system and perform server-side requests. This leads to
administrative access to the BigBlueButton instance.