[RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

Posted by RedTeam Pentesting GmbH on Oct 21

Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

RedTeam Pentesting discovered a vulnerability in the BigBlueButton web
conferencing system which allows participants of a conference with
permissions to upload presentations to read arbitrary files from the
file system and perform server-side requests. This leads to
administrative access to the BigBlueButton instance.

Details
=======

Product: BigBlueButton…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Original Source

Tags: cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

[RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton

Original Source

Ubuntu Linux Kernel Multiple Vulnerabilities

Amd Warns Of New Meltdown, Spectre Like Bugs Affecting Cpus

You Have A Fake North Korean It Worker Problem Here’s How To Stop It

Ai Coding Tools Make Developers Slower But They Think They’re Faster, Studyfinds

How To Trick Chatgpt Into Revealing Windows Keys? I Give Up

Original Source

You may have missed

Ubuntu Linux Kernel Multiple Vulnerabilities

Amd Warns Of New Meltdown, Spectre Like Bugs Affecting Cpus

You Have A Fake North Korean It Worker Problem Here’s How To Stop It

Ai Coding Tools Make Developers Slower But They Think They’re Faster, Studyfinds

How To Trick Chatgpt Into Revealing Windows Keys? I Give Up