CVE-2023-43798

MEDIUM Year: 2023
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton.

Related Vulnerabilities

CVE-2018-1000184

MEDIUM
CVSS:5.4(Medium)

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET re...

CWE-9182018

CVE-2018-1000188

MEDIUM
CVSS:5.4(Medium)

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request ...

CWE-9182018

CVE-2020-24700

MEDIUM
CVSS:5.4(Medium)

OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.

CWE-9182020

CVE-2020-4786

MEDIUM
CVSS:5.4(Medium)

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unau...

CWE-9182020