CVE-2023-2850
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jul 25, 2023
Updated: Aug 7, 2023
CWE ID 287
CWE ID 798
Summary
CVE-2023-2850 is a newly discovered vulnerability affecting NodeBB, an open-source forum software. This issue stems from a lack of validation for request origins in NodeBB's WebSocket communication, leading to a Cross-Site WebSocket Hijacking vulnerability. An attacker who successfully exploits this vulnerability can extract sensitive user information. This weakness poses a significant risk to NodeBB installations, and immediate updates or appropriate mitigations are required to secure affected systems.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Rocket Software, Inc.