Vulnerability CVE-2021-43786


Published: 2021-11-29

Description:
NodeBB is an open source Node.js based forum software. In affected versions, incorrect logic in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

Type: CWE-287 (Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
Nodebb -> Nodebb 

References:
https://github.com/NodeBB/NodeBB/security/advisories/GHSA-hf2m-j98r-4fqw
https://github.com/NodeBB/NodeBB/releases/tag/v1.18.5
https://github.com/NodeBB/NodeBB/commit/04dab1d550cdebf4c1567bca9a51f8b9ca48a500

Copyright 2024, cxsecurity.com
