漏洞标题
N/A
漏洞描述信息
BigBlueButton 2.2.6 之前允许远程攻击者读取任意文件,因为 presfilename (小写)值可以是.pdf 文件名,而 presFilename (混合格式)值具有../ 序列。这可以通过目录遍历来利用,将其用于权限升级到 bigbluebutton.properties。注意:这个问题存在是因为 CVE-2020-12112 的一个无效的修复,在 NGINX 配置文件中进行了尝试修复,而不考虑 NGINX 相关部分是不分大小的。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is case-insensitive.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
BigBlueButton 路径遍历漏洞
漏洞描述信息
BigBlueButton是BigBlueButton社区的一套开源的Web会议系统。 BigBlueButton 2.2.6之前版本中存在安全漏洞。远程攻击者可借助‘presfilename’参数利用该漏洞获取管理员权限。
CVSS信息
N/A
漏洞类别
路径遍历