Lucene search
GoogleOSV:CVE-2016-10532HistoryMay 31, 2018 - 8:29 p.m.
CVE-2016-10532
2018-05-3120:29:01
Google
osv.dev
4
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response.
| CPE | Name | Operator | Version |
|---|---|---|---|
| console-io | eq | 2.0.2 | |
| console-io | eq | 1.11.5 | |
| console-io | eq | 1.11.4 | |
| console-io | eq | 1.3.0 | |
| console-io | eq | 1.2.0 | |
| console-io | eq | 2.2.1 | |
| console-io | eq | 1.9.2 | |
| console-io | eq | 1.10.6 | |
| console-io | eq | 1.4.0 | |
| console-io | eq | 2.2.0 |
References
Related
cvelist
cvelist
CVE-2016-10532
2018-04-26 00:00:00
github
github
Authentication Bypass in console-io
2019-02-18 23:39:39
osv
osv
Authentication Bypass in console-io
2019-02-18 23:39:39
prion
prion
Authentication flaw
2018-05-31 20:29:00
nvd
nvd
CVE-2016-10532
2018-05-31 20:29:01
cve
cve
CVE-2016-10532
2018-05-31 20:29:01
nodejs
nodejs
Authentication Bypass
2016-03-28 17:21:46