CVE-2023-2850

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 25, 2023
Updated: Aug 7, 2023
CWE ID 287
CWE ID 798

Summary

CVE-2023-2850 is a newly discovered vulnerability affecting NodeBB, an open-source forum software. This issue stems from a lack of validation for request origins in NodeBB's WebSocket communication, leading to a Cross-Site WebSocket Hijacking vulnerability. An attacker who successfully exploits this vulnerability can extract sensitive user information. This weakness poses a significant risk to NodeBB installations, and immediate updates or appropriate mitigations are required to secure affected systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share