GHSA-qc99-r4wh-c8h6

Source
https://github.com/advisories/GHSA-qc99-r4wh-c8h6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-qc99-r4wh-c8h6/GHSA-qc99-r4wh-c8h6.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-qc99-r4wh-c8h6
Aliases
  • CVE-2024-29316
Published
2024-03-29T00:30:34Z
Modified
2024-11-18T20:12:22.256533Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
Incorrect Access Control in NodeBB
Details

In NodeBB prior to 3.6.7, an attacker was able to access the restricted tabs for the Admin group, which are only allowed to administrators.

Database specific
{
    "nvd_published_at": "2024-03-28T23:15:46Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-18T20:02:52Z"
}
References

Affected packages

npm / nodebb

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.7