Vulnerabilities > CVE-2022-36076 - Unspecified vulnerability in Nodebb
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2.
Vulnerable Configurations
References
- https://blogs.opera.com/security/2022/03/bug-bounty-adventures-a-nodebb-0-day/
- https://blogs.opera.com/security/2022/03/bug-bounty-adventures-a-nodebb-0-day/
- https://github.com/NodeBB/NodeBB/commit/a2400f6baff44cb2996487bcd0cc6e2acc74b3d4
- https://github.com/NodeBB/NodeBB/commit/a2400f6baff44cb2996487bcd0cc6e2acc74b3d4
- https://github.com/NodeBB/NodeBB/security/advisories/GHSA-xmgg-fx9p-prq6
- https://github.com/NodeBB/NodeBB/security/advisories/GHSA-xmgg-fx9p-prq6