Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-27603. PoCs published by hannob.
AI-analyzed exploit summary: This repository contains a writeup and proof-of-concept ODT files demonstrating a file exfiltration vulnerability in LibreOffice when used in server-side rendering contexts like BigBlueButton. The vulnerability allows exfiltration of files via crafted ODT documents.
Description
BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N