PT-2024-22857 · Nodebb · Nodebb

Published: 2024-03-28 · Updated: 2024-11-15 · CVE-2024-29316

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

NodeBB version 3.6.7

Description

The issue allows a low-privileged attacker to access restricted tabs for the Admin group by setting isadmin to true. This is a case of Incorrect Access Control, where an attacker can access areas of the system that are supposed to be restricted to administrators.

Recommendations

At the moment, there is no information about a version newer than NodeBB 3.6.7 that contains a fix for this vulnerability.

Related Identifiers

CVE-2024-29316
GHSA-QC99-R4WH-C8H6

Affected Products

Nodebb