CVE-2023-2850

CVSS V2 None CVSS V3 None

Description

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.

Overview

CVE ID
CVE-2023-2850

Assigner
snyk

Vulnerability Status
PUBLISHED

Published Version
2023-07-25T11:13:18.100Z

Last Modified Date
2023-07-25T13:42:38.643Z

Weakness Enumerations

CWE	URL
CWE-1385	http://cwe.mitre.org/data/definitions/1385.html

References

Reference URL	Reference Tags
https://github.com/NodeBB/NodeBB/security/advisories/GHSA-4qcv-qf38-5j3j
https://github.com/NodeBB/NodeBB/commit/51096ad2345fb1d1380bec0a447113489ef6c359
https://github.com/NodeBB/NodeBB/releases/tag/v3.1.3

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-2850
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2850

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 22:15:59				Added to TrackCVE