Vulnerability DatabaseCVE-2023-2850
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-2850
July 25, 2023
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.
Related Resources (7)
https://github.com/NodeBB/NodeBB/commit/a5d92da9ddac5607ab7f737520a66eaed6d3ddee
https://github.com/NodeBB/NodeBB/security/advisories/GHSA-4qcv-qf38-5j3j
https://github.com/NodeBB/NodeBB/releases/tag/v3.1.3
https://github.com/NodeBB/NodeBB/commit/51096ad2345fb1d1380bec0a447113489ef6c359
https://github.com/NodeBB/NodeBB/commit/62e162cf1e735e42462be1db9b4954b5a69accdf
https://nvd.nist.gov/vuln/detail/CVE-2023-2850
https://github.com/NodeBB/NodeBB
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Missing Origin Validation in WebSockets
CWE-1385
Origin Validation Error
CWE-346
EPSS
Base Score:
0.13