漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
BigBlueButton Path Traversal – Reading Certain File Extensions
Vulnerability Description
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
BigBlueButton 路径遍历漏洞
Vulnerability Description
BigBlueButton是BigBlueButton社区的一套开源的Web会议系统。 BigBlueButton 2.6.0之前版本存在路径遍历漏洞,该漏洞源于存在路径遍历漏洞。未经身份验证的攻击者可利用该漏洞遍历和读取文件。
CVSS Information
N/A
Vulnerability Type
N/A