
Account takeover via prototype vulnerability

Critical
julianlam published GHSA-rf3g-v8p5-p675 Dec 5, 2022

Package

NodeBB (NodeBB)

Affected versions

< 2.6.1

Patched versions

2.6.1

Description

Impact

Because socket.io message handling used a plain object (one that inherits from `Object.prototype`) to resolve handlers, a specially crafted payload can be used to impersonate other users and take over accounts.
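The hazard behind this advisory, shown as an added example that is not NodeBB's code (the project's actual handler layout is not on this page, and the writeup is pending): a handler table built from a plain object literal inherits properties such as `constructor` and `hasOwnProperty` from `Object.prototype`, so a lookup keyed by an attacker-chosen event name can resolve to something the author never registered. The event names and the `socket` shape below are hypothetical; the hardened variant uses a null-prototype object plus an own-property check.

```javascript
// Added example, not NodeBB's code. Demonstrates why dispatching untrusted event
// names through a plain object is unsafe and one way to harden the lookup.

// Hypothetical handler table (event names are made up for this example).
const vulnerableHandlers = {
  'user.profile': (socket, data) => ({ ok: true, uid: socket.uid }),
  'posts.get': (socket, data) => ({ ok: true, pid: data.pid }),
};

// Vulnerable lookup: a plain object inherits from Object.prototype, so keys the
// table never defined ("constructor", "hasOwnProperty", ...) still resolve.
function lookupVulnerable(eventName) {
  const handler = vulnerableHandlers[eventName];
  return typeof handler === 'function' ? handler : undefined;
}

// Hardened table: Object.create(null) has no prototype chain at all.
const safeHandlers = Object.assign(Object.create(null), {
  'user.profile': (socket, data) => ({ ok: true, uid: socket.uid }),
  'posts.get': (socket, data) => ({ ok: true, pid: data.pid }),
});

// Hardened lookup: require a string key that is an *own* property of the table.
function lookupSafe(eventName) {
  if (typeof eventName !== 'string') return undefined;
  if (!Object.prototype.hasOwnProperty.call(safeHandlers, eventName)) return undefined;
  return safeHandlers[eventName];
}

// Minimal dispatcher: unknown events are rejected rather than executed.
function dispatch(lookup, socket, eventName, data) {
  const handler = lookup(eventName);
  if (!handler) return { ok: false, error: 'unknown event' };
  return handler(socket, data);
}

// Constructed sample traffic: one registered event and one prototype-chain name.
const sampleSocket = { uid: 42 };
console.log(dispatch(lookupSafe, sampleSocket, 'user.profile', {}));
console.log(dispatch(lookupSafe, sampleSocket, 'constructor', {}));
console.log('plain object resolves "constructor":', typeof lookupVulnerable('constructor'));
```

The detection-side takeaway is the same as the fix: any dispatcher that indexes a plain object with client-controlled strings should log and reject keys that are not own properties, since legitimate clients never send prototype-chain names.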

Patches

Patched in 2.6.1

Workarounds

Site maintainers can cherry-pick 48d1439 into their codebase to patch the exploit.

References

A writeup is pending

For more information

If you have any questions or comments about this advisory:

Discuss it on our community forum
Email us at support@nodebb.org

Severity

Critical 9.4 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CVE ID

CVE-2022-46164

Weaknesses

No CWEs

Credits