CVE-2024-29316 - NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access t

CVE-2024-29316

Summary

NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true.

References

https://nodebb.org/bounty/
https://medium.com/%40krityamkarma858041/broken-access-control-nodebb-v3-6-7-eebc59c24deb

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

29-03-2024 - 12:45

Published

28-03-2024 - 23:15

Last modified

29-03-2024 - 12:45