cve-2022-36045
Vulnerability from cvelistv5
Published
2022-08-31 15:10
Modified
2024-08-03 09:52
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure Pseudo-random number generator (`Math.random()`), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to. This vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset. The vulnerability has been patched in version 2.x and 1.19.x. There is no known workaround, but the patch sets listed above will fully patch the vulnerability.
References
security-advisories@github.comhttps://github.com/NodeBB/NodeBB/commit/81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/NodeBB/NodeBB/security/advisories/GHSA-p4cc-w597-6cpmThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/NodeBB/NodeBB/commit/81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/NodeBB/NodeBB/security/advisories/GHSA-p4cc-w597-6cpmThird Party Advisory
Impacted products
Vendor Product Version
NodeBB NodeBB Version: < 1.19.8
Version: = 2.0.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T09:52:00.523Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/NodeBB/NodeBB/security/advisories/GHSA-p4cc-w597-6cpm",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/NodeBB/NodeBB/commit/81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "NodeBB",
               vendor: "NodeBB",
               versions: [
                  {
                     status: "affected",
                     version: "< 1.19.8",
                  },
                  {
                     status: "affected",
                     version: "= 2.0.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure Pseudo-random number generator (`Math.random()`), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to. This vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset. The vulnerability has been patched in version 2.x and 1.19.x. There is no known workaround, but the patch sets listed above will fully patch the vulnerability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-330",
                     description: "CWE-330: Use of Insufficiently Random Values",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
            {
               descriptions: [
                  {
                     cweId: "CWE-338",
                     description: "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-31T15:10:09",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/NodeBB/NodeBB/security/advisories/GHSA-p4cc-w597-6cpm",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/NodeBB/NodeBB/commit/81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888",
            },
         ],
         source: {
            advisory: "GHSA-p4cc-w597-6cpm",
            discovery: "UNKNOWN",
         },
         title: "Account takeover via cryptographically weak PRNG in NodeBB Forum",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security-advisories@github.com",
               ID: "CVE-2022-36045",
               STATE: "PUBLIC",
               TITLE: "Account takeover via cryptographically weak PRNG in NodeBB Forum",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "NodeBB",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "< 1.19.8",
                                       },
                                       {
                                          version_value: "= 2.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "NodeBB",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure Pseudo-random number generator (`Math.random()`), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to. This vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset. The vulnerability has been patched in version 2.x and 1.19.x. There is no known workaround, but the patch sets listed above will fully patch the vulnerability.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-330: Use of Insufficiently Random Values",
                        },
                     ],
                  },
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/NodeBB/NodeBB/security/advisories/GHSA-p4cc-w597-6cpm",
                     refsource: "CONFIRM",
                     url: "https://github.com/NodeBB/NodeBB/security/advisories/GHSA-p4cc-w597-6cpm",
                  },
                  {
                     name: "https://github.com/NodeBB/NodeBB/commit/81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9",
                     refsource: "MISC",
                     url: "https://github.com/NodeBB/NodeBB/commit/81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9",
                  },
                  {
                     name: "https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888",
                     refsource: "MISC",
                     url: "https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888",
                  },
               ],
            },
            source: {
               advisory: "GHSA-p4cc-w597-6cpm",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2022-36045",
      datePublished: "2022-08-31T15:10:09",
      dateReserved: "2022-07-15T00:00:00",
      dateUpdated: "2024-08-03T09:52:00.523Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2022-36045\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-08-31T15:15:08.857\",\"lastModified\":\"2024-11-21T07:12:15.687\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure Pseudo-random number generator (`Math.random()`), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to. This vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset. The vulnerability has been patched in version 2.x and 1.19.x. There is no known workaround, but the patch sets listed above will fully patch the vulnerability.\"},{\"lang\":\"es\",\"value\":\"El software de foros NodeBB está impulsado por Node.js y es compatible con Redis, MongoDB o una base de datos PostgreSQL. Utiliza web sockets para interacciones instantáneas y notificaciones en tiempo real. `utils.generateUUID`, una función de ayuda disponible en prácticamente todas las versiones de NodeBB (desde la v1.0.1 y potencialmente antes) utilizaba un generador de números pseudoaleatorios criptográficamente inseguro (`Math.random()`), lo que significaba que un script especialmente diseñado combinado con múltiples invocaciones de la funcionalidad de restablecimiento de contraseña podía permitir a un atacante calcular correctamente el código de restablecimiento para una cuenta a la que no tuviera acceso. Esta vulnerabilidad afecta a todas las instalaciones de NodeBB. La vulnerabilidad permite a un atacante tomar el control de cualquier cuenta sin la participación de la víctima, y como tal, la remediación debe ser aplicada inmediatamente (ya sea a través de la actualización de NodeBB o cherry-pick del conjunto de cambios específicos. La vulnerabilidad ha sido parcheada en las versiones 2.x y 1.19.x. No hay una solución conocida, pero los conjuntos de parches listados arriba parcharán completamente la vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"},{\"lang\":\"en\",\"value\":\"CWE-338\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-338\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.19.8\",\"matchCriteriaId\":\"7C8C6F6C-436C-48C1-B4E5-BBEF11C6C417\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodebb:nodebb:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A75FB8D-A0A2-4888-A241-CE7BB2D081F6\"}]}]}],\"references\":[{\"url\":\"https://github.com/NodeBB/NodeBB/commit/81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/NodeBB/NodeBB/security/advisories/GHSA-p4cc-w597-6cpm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/NodeBB/NodeBB/commit/81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/NodeBB/NodeBB/security/advisories/GHSA-p4cc-w597-6cpm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.