Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-HF2M-J98R-4FQW
HistoryNov 30, 2021 - 10:21 p.m.

API token verification can be bypassed in NodeBB

2021-11-3022:21:05
Google
osv.dev
14
vulnerability
patch
nodebb
api
security advisory

EPSS

0.002

Percentile

53.9%

JSON

Impact

Incorrect logic present in the token verification step unintentionally allowed master token access to the API.

Patches

The vulnerability has been patch as of v1.18.5.

Workarounds

Cherry-pick commit hash 04dab1d550cdebf4c1567bca9a51f8b9ca48a500 to receive this patch in lieu of a full upgrade.

For more information

If you have any questions or comments about this advisory:

Related

osv 1
cvelist 1
prion 1
cve 1
github 1
openvas 1
veracode 1
cnvd 1
nvd 1
sonarsource 1
osv
osv
CVE-2021-43786
2021-11-29 20:15:08
cvelist
cvelist
CVE-2021-43786 API token verification can be bypassed
2021-11-29 19:30:17
prion
prion
Code injection
2021-11-29 20:15:00
cve
cve
CVE-2021-43786
2021-11-29 20:15:08
github
github
API token verification can be bypassed in NodeBB
2021-11-30 22:21:05
openvas
openvas
NodeBB 1.15.x - 1.18.4 Improper Authentication Vulnerability
2022-09-07 00:00:00
veracode
veracode
Validation Bypass
2021-12-06 06:56:00
cnvd
cnvd
Nodebb licensing issue vulnerability
2021-12-01 00:00:00
nvd
nvd
CVE-2021-43786
2021-11-29 20:15:08
sonarsource
sonarsource
NodeBB 1.18.4 - Remote Code Execution With One Shot
2021-11-30 00:00:00

EPSS

0.002

Percentile

53.9%

JSON
Related for OSV:GHSA-HF2M-J98R-4FQW
osv1cvelist1prion1cve1github1openvas1veracode1cnvd1nvd1sonarsource1