Cross-Site WebSocket Hijacking in NodeBB by NodeBB
CVE-2023-2850
4.7 MEDIUM
What is CVE-2023-2850?
NodeBB is susceptible to a Cross-Site WebSocket Hijacking vulnerability stemming from inadequate validation of request origins. This weakness enables attackers to exploit the system, potentially gaining unauthorized access to sensitive user information. By leveraging this flaw, malicious actors could intercept WebSocket communications and extract valuable data from affected users. It is crucial for NodeBB users to take immediate action by updating to the latest version to mitigate these risks.
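The kind of origin validation the description says was inadequate can be sketched as an exact-match allow-list applied to the WebSocket handshake. This is an added example, not NodeBB's code or its patch; the function names, the allow-list and the host names are hypothetical and constructed for illustration.

```javascript
// Added illustration, not NodeBB code. Host names are constructed.
const ALLOWED_ORIGINS = ['https://forum.example.test'];

// Reduce an Origin header value to scheme://host[:port], or null when it is
// missing, the literal "null", malformed, or not an http(s) origin.
function normaliseOrigin(value) {
  if (typeof value !== 'string' || value === '' || value === 'null') return null;
  let parsed;
  try {
    parsed = new URL(value);
  } catch (err) {
    return null;
  }
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') return null;
  // A genuine Origin value has no credentials, path, query or fragment.
  if (parsed.username || parsed.password || parsed.search || parsed.hash) return null;
  if (parsed.pathname !== '/') return null;
  // URL.origin lowercases scheme and host and drops default ports.
  return parsed.origin;
}

// Decide whether a WebSocket upgrade request may proceed. `headers` uses
// lowercase keys, as Node's http module provides them.
function isAllowedHandshake(headers, allowedOrigins = ALLOWED_ORIGINS) {
  const allowed = new Set(allowedOrigins.map(normaliseOrigin).filter(Boolean));
  const origin = normaliseOrigin(headers.origin);
  // Exact match on the normalised origin; prefix or substring matching would
  // accept hosts such as forum.example.test.attacker.invalid.
  return origin !== null && allowed.has(origin);
}

// Constructed handshake headers covering the cases worth testing.
const SAMPLES = [
  { origin: 'https://forum.example.test', cookie: 'sid=constructed' },
  { origin: 'HTTPS://Forum.Example.test:443', cookie: 'sid=constructed' },
  { origin: 'https://attacker.invalid', cookie: 'sid=constructed' },
  { origin: 'https://forum.example.test.attacker.invalid', cookie: 'sid=constructed' },
  { origin: 'null', cookie: 'sid=constructed' },
  { cookie: 'sid=constructed' }, // no Origin header: rejected by this policy
];

function decide(samples = SAMPLES) {
  return samples.map((h) => (isAllowedHandshake(h) ? 'accept' : 'reject'));
}

console.log(decide());
```

In a server, this decision belongs in the HTTP upgrade handler, before the session cookie sent with the handshake is used to authenticate the socket.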
Affected Version(s)
NodeBB < 2.8.13
NodeBB >= 3.0.0, < 3.1.3
