Lucene search

[email protected]CVE-2022-3978

HistoryNov 13, 2022 - 2:15 p.m.

CVE-2022-3978

2022-11-1314:15:10

CWE-352

CWE-863

[email protected]

web.nvd.nist.gov

cve-2022-3978

nodebb

vulnerability

cross-site request forgery

remote attack

upgrade

patch

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.3%

JSON

A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555.

Affected configurations

Vulners

NVD

Node

nodebbnodebbMatch2.5.0

nodebbnodebbMatch2.5.1

nodebbnodebbMatch2.5.2

nodebbnodebbMatch2.5.3

nodebbnodebbMatch2.5.4

nodebbnodebbMatch2.5.5

nodebbnodebbMatch2.5.6

nodebbnodebbMatch2.5.7

VendorProductVersionCPE
nodebbnodebb2.5.0cpe:2.3:a:nodebb:nodebb:2.5.0:*:*:*:*:*:*:*
nodebbnodebb2.5.1cpe:2.3:a:nodebb:nodebb:2.5.1:*:*:*:*:*:*:*
nodebbnodebb2.5.2cpe:2.3:a:nodebb:nodebb:2.5.2:*:*:*:*:*:*:*
nodebbnodebb2.5.3cpe:2.3:a:nodebb:nodebb:2.5.3:*:*:*:*:*:*:*
nodebbnodebb2.5.4cpe:2.3:a:nodebb:nodebb:2.5.4:*:*:*:*:*:*:*
nodebbnodebb2.5.5cpe:2.3:a:nodebb:nodebb:2.5.5:*:*:*:*:*:*:*
nodebbnodebb2.5.6cpe:2.3:a:nodebb:nodebb:2.5.6:*:*:*:*:*:*:*
nodebbnodebb2.5.7cpe:2.3:a:nodebb:nodebb:2.5.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nodebb	nodebb	2.5.0	cpe:2.3:a:nodebb:nodebb:2.5.0:::::::*
nodebb	nodebb	2.5.1	cpe:2.3:a:nodebb:nodebb:2.5.1:::::::*
nodebb	nodebb	2.5.2	cpe:2.3:a:nodebb:nodebb:2.5.2:::::::*
nodebb	nodebb	2.5.3	cpe:2.3:a:nodebb:nodebb:2.5.3:::::::*
nodebb	nodebb	2.5.4	cpe:2.3:a:nodebb:nodebb:2.5.4:::::::*
nodebb	nodebb	2.5.5	cpe:2.3:a:nodebb:nodebb:2.5.5:::::::*
nodebb	nodebb	2.5.6	cpe:2.3:a:nodebb:nodebb:2.5.6:::::::*
nodebb	nodebb	2.5.7	cpe:2.3:a:nodebb:nodebb:2.5.7:::::::*

CNA Affected

[
  {
    "vendor": "unspecified",
    "product": "NodeBB",
    "versions": [
      {
        "version": "2.5.0",
        "status": "affected"
      },
      {
        "version": "2.5.1",
        "status": "affected"
      },
      {
        "version": "2.5.2",
        "status": "affected"
      },
      {
        "version": "2.5.3",
        "status": "affected"
      },
      {
        "version": "2.5.4",
        "status": "affected"
      },
      {
        "version": "2.5.5",
        "status": "affected"
      },
      {
        "version": "2.5.6",
        "status": "affected"
      },
      {
        "version": "2.5.7",
        "status": "affected"
      }
    ]
  }
]