NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.
References
Link | Resource |
---|---|
https://github.com/NodeBB/NodeBB/commit/51096ad2345fb1d1380bec0a447113489ef6c359 | Patch |
https://github.com/NodeBB/NodeBB/releases/tag/v3.1.3 | Release Notes |
https://github.com/NodeBB/NodeBB/security/advisories/GHSA-4qcv-qf38-5j3j | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2023-07-25T11:13:18.100Z
Updated: 2023-07-25T13:42:38.643Z
Reserved: 2023-05-23T11:27:01.949Z
Link: CVE-2023-2850
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-25T12:15:10.837
Modified: 2023-08-07T16:58:57.517
Link: CVE-2023-2850
JSON object: View
Redhat Information
No data.