CVE-2022-46164

NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/NodeBB/NodeBB/commit/48d143921753914da45926cca6370a92ed0c46b8	Patch Third Party Advisory
https://github.com/NodeBB/NodeBB/security/advisories/GHSA-rf3g-v8p5-p675	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-12-05 21:15

Updated : 2023-11-07 03:55

NVD link : CVE-2022-46164

Mitre link : CVE-2022-46164

CVE.ORG link : CVE-2022-46164

JSON object : View

Products Affected

nodebb

nodebb

CWE

CWE-665

Improper Initialization

{"id": "CVE-2022-46164", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 3.9}]}, "published": "2022-12-05T21:15:10.443", "references": [{"url": "https://github.com/NodeBB/NodeBB/commit/48d143921753914da45926cca6370a92ed0c46b8", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/NodeBB/NodeBB/security/advisories/GHSA-rf3g-v8p5-p675", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-665"}]}], "descriptions": [{"lang": "en", "value": "NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit.\n"}, {"lang": "es", "value": "NodeBB es un software de foro de c\u00f3digo abierto basado en Node.js. Debido a que se utiliza un objeto simple con un prototipo en el manejo de mensajes de socket.io, se puede usar un payload especialmente manipulado para hacerse pasar por otros usuarios y tomar control de cuentas. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 2.6.1. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden seleccionar el commit `48d143921753914da45926cca6370a92ed0c46b8` en su c\u00f3digo base para parchear el exploit."}], "lastModified": "2023-11-07T03:55:03.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACBD3E19-5D50-4C0F-9CDA-AE5A240AF776", "versionEndExcluding": "2.6.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}