Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true.
AnalysisAI
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true. Affected products include: Nodebb.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.1
Author spoofing in NodeBB's ActivityPub federation allows a remote federated actor to forge posts and private messages a
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Rated high sev
Nodebb is an open source Node.js based forum software. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
Nodebb is an open source Node.js based forum software. Rated medium severity (CVSS 6.1), this vulnerability is remotely
NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to ch
NodeBB is Node.js based forum software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
NodeBB is an open source Node.js based forum software. Rated critical severity (CVSS 9.8), this vulnerability is remotel
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Rated critical
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code
Nodebb is an open source Node.js based forum software. Rated medium severity (CVSS 5.0), this vulnerability is remotely
A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. Rated medium severity (CVSS 4.3),
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today