CVE-2020-27603-bbb-libreoffice-poc

Proof of Concept of Libreoffice file exfiltration vulnerability in Big Blue Button

These ODT files show how to exploit a file exfiltration vulnerability that can happen with server-side Libreoffice rendering, e.g. BigBlueButton.

Background:

• https://blog.hboeck.de/archives/902-File-Exfiltration-via-Libreoffice-in-BigBlueButton-and-JODConverter.html
• https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html