BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-30T22:24:59.109Z
Updated: 2024-09-05T20:19:17.331Z
Reserved: 2023-09-22T14:51:42.340Z
Link: CVE-2023-43798
Vulnrichment
Updated: 2024-08-02T19:52:11.270Z
NVD
Status : Modified
Published: 2023-10-30T23:15:08.397
Modified: 2024-11-21T08:24:48.393
Link: CVE-2023-43798
Redhat
No data.