Julianlam

**Name of the Vulnerable Software and Affected Versions** NodeBB versions 2.5.0 through 2.8.7 **Description** The issue arises due to the use of object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability. This allows a specially crafted payload to invoke the user export logic and arbitrarily execute javascript files on the local disk. **Recommendations** For NodeBB versions 2.5.0 through 2.8.7, update to version 2.8.7 to patch the exploit. As a temporary workaround, site maintainers can cherry pick the fix into their codebase to patch the exploit.

**Name of the Vulnerable Software and Affected Versions** NodeBB versions prior to 2.6.1 **Description** The issue arises from a plain object with a prototype being used in socket.io message handling, allowing a specially crafted payload to impersonate other users and takeover accounts. **Recommendations** For versions prior to 2.6.1, upgrade to version 2.6.1 to patch the exploit. As a temporary workaround for users unable to upgrade, cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit.

**Name of the Vulnerable Software and Affected Versions** NodeBB versions up to 2.5.7 **Description** A vulnerability was found in NodeBB, affecting an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. **Recommendations** For NodeBB versions up to 2.5.7, upgrade to version 2.5.8 to address this issue. As a temporary workaround, consider restricting access to the /register/abort endpoint until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** NodeBB Forum Software versions prior to 1.17.2 **Description** The issue is caused by an unnecessarily strict conditional in the code handling the first step of the Single Sign-On (SSO) process. This conditional inadvertently rendered the pre-existing logic that added and checked a nonce as opt-in instead of opt-out, re-exposing a vulnerability. A specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. **Recommendations** For NodeBB Forum Software versions prior to 1.17.2, update to version 1.17.2 to fully patch the issue. As a temporary workaround, site maintainers can cherry-pick the patch commit into their codebase to patch the exploit.

Name of the Vulnerable Software and Affected Versions: Nodebb versions prior to 1.18.5 Description: The issue is related to incorrect logic in the token verification step, which unintentionally allowed master token access to the API. Recommendations: For versions prior to 1.18.5, upgrade to version 1.18.5 or later as soon as possible. As a temporary workaround, consider cherry-picking commit hash 04dab1d550cdebf4c1567bca9a51f8b9ca48a500 to receive the patch in lieu of a full upgrade.