Source |
CVE List |
Identifier |
8403211 |
Publication date |
2023-10-30 23:15:08 (seen: 2023-10-31 01:07:36) |
Title |
CVE-2023-43798 |
Text |
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton. |
Sent |
Yes |