CVE-2023-2850

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-2850

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2850.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-2850

Aliases

GHSA-4qcv-qf38-5j3j

Related

GHSA-4qcv-qf38-5j3j

Published

2023-07-25T12:15:10.837Z

Modified

2026-02-05T12:13:30.142422Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.

References

Affected packages

Git / github.com/nodebb/nodebb

Affected ranges

Type: GIT
Repo: https://github.com/nodebb/nodebb
Events: Fixed

4355b34d0ec72b6f91e577811f68fa14e73f7dcc

Introduced

2103043e78a51498c3083496b57d17100a452486

Fixed

4355b34d0ec72b6f91e577811f68fa14e73f7dcc

Fixed

51096ad2345fb1d1380bec0a447113489ef6c359

Fixed

8bc8cf1ba0fff8c59d19015921d5e0296e3948e7

Affected versions

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.1.1

v3.1.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2850.json"