CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*
cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:59

Type Values Removed Values Added
References () https://github.com/NodeBB/NodeBB/commit/51096ad2345fb1d1380bec0a447113489ef6c359 - Patch () https://github.com/NodeBB/NodeBB/commit/51096ad2345fb1d1380bec0a447113489ef6c359 - Patch
References () https://github.com/NodeBB/NodeBB/releases/tag/v3.1.3 - Release Notes () https://github.com/NodeBB/NodeBB/releases/tag/v3.1.3 - Release Notes
References () https://github.com/NodeBB/NodeBB/security/advisories/GHSA-4qcv-qf38-5j3j - Patch, Vendor Advisory () https://github.com/NodeBB/NodeBB/security/advisories/GHSA-4qcv-qf38-5j3j - Patch, Vendor Advisory

07 Aug 2023, 16:58

Type Values Removed Values Added
CPE cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*
First Time Nodebb nodebb
Nodebb
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.7
CWE CWE-346
References (MISC) https://github.com/NodeBB/NodeBB/commit/51096ad2345fb1d1380bec0a447113489ef6c359 - (MISC) https://github.com/NodeBB/NodeBB/commit/51096ad2345fb1d1380bec0a447113489ef6c359 - Patch
References (MISC) https://github.com/NodeBB/NodeBB/security/advisories/GHSA-4qcv-qf38-5j3j - (MISC) https://github.com/NodeBB/NodeBB/security/advisories/GHSA-4qcv-qf38-5j3j - Patch, Vendor Advisory
References (MISC) https://github.com/NodeBB/NodeBB/releases/tag/v3.1.3 - (MISC) https://github.com/NodeBB/NodeBB/releases/tag/v3.1.3 - Release Notes

25 Jul 2023, 13:00

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-25 12:15

Updated : 2024-11-21 07:59


NVD link : CVE-2023-2850

Mitre link : CVE-2023-2850

CVE.ORG link : CVE-2023-2850


JSON object : View

Products Affected

nodebb

  • nodebb
CWE
CWE-1385

Missing Origin Validation in WebSockets

CWE-346

Origin Validation Error