Lucene search
China National Vulnerability DatabaseCNVD-2021-95235HistoryDec 01, 2021 - 12:00 a.m.
Nodebb licensing issue vulnerability
2021-12-0100:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
0.001 Low
EPSS
Percentile
46.8%
NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google’s V8 JavaScript engine. an authorization issue vulnerability exists in Nodebb, which stems from a faulty token authentication logic in the product, and could be exploited by an attacker to access the API using the master token to access the API.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nodebb nodebb | lt | 1.18.5 |
Related
openvas
openvas
NodeBB 1.15.x - 1.18.4 Improper Authentication Vulnerability
2022-09-07 00:00:00
veracode
veracode
Validation Bypass
2021-12-06 06:56:00
prion
prion
Code injection
2021-11-29 20:15:00
osv
osv
CVE-2021-43786
2021-11-29 20:15:08
API token verification can be bypassed in NodeBB
2021-11-30 22:21:05
cve
cve
CVE-2021-43786
2021-11-29 20:15:08
cvelist
cvelist
CVE-2021-43786 API token verification can be bypassed
2021-11-29 19:30:17
nvd
nvd
CVE-2021-43786
2021-11-29 20:15:08
github
github
API token verification can be bypassed in NodeBB
2021-11-30 22:21:05
sonarsource
sonarsource
NodeBB 1.18.4 - Remote Code Execution With One Shot
2021-11-30 00:00:00