Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as possible.
References
Link | Resource |
---|---|
https://blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot/ | Exploit Third Party Advisory |
https://github.com/NodeBB/NodeBB/commit/04dab1d550cdebf4c1567bca9a51f8b9ca48a500 | Patch Third Party Advisory |
https://github.com/NodeBB/NodeBB/releases/tag/v1.18.5 | Release Notes Third Party Advisory |
https://github.com/NodeBB/NodeBB/security/advisories/GHSA-hf2m-j98r-4fqw | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-11-29T19:30:17
Updated: 2022-09-13T20:56:30
Reserved: 2021-11-16T00:00:00
Link: CVE-2021-43786
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-29T20:15:08.133
Modified: 2022-10-27T19:13:01.800
Link: CVE-2021-43786
JSON object: View
Redhat Information
No data.
CWE