CVE-2024-29316 – nodebb

Package

Manager: npm
Name: nodebb
Vulnerable Version: >=0 <3.6.7

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.0007 pctl0.21827

Details

Incorrect Access Control in NodeBB In NodeBB prior to 3.6.7 an attacker was able to access the restricted tabs for the Admin group which are only allowed the the administrators.

Metadata

Created: 2024-03-29T00:30:34Z
Modified: 2024-11-18T20:02:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-qc99-r4wh-c8h6/GHSA-qc99-r4wh-c8h6.json
CWE IDs: []
Alternative ID: GHSA-qc99-r4wh-c8h6
Finding: F310
Auto approve: 1