CVE-2023-2850
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jul 25, 2023
Updated: Aug 7, 2023
CWE ID 287
CWE ID 798
Summary
CVE-2023-2850 is a newly discovered vulnerability affecting NodeBB, an open-source forum software. This issue stems from a lack of validation for request origins in NodeBB's WebSocket communication, leading to a Cross-Site WebSocket Hijacking vulnerability. An attacker who successfully exploits this vulnerability can extract sensitive user information. This weakness poses a significant risk to NodeBB installations, and immediate updates or appropriate mitigations are required to secure affected systems.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Rocket Software, Inc.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
Note: This is just a basic overview providing quick insights into CVE-2023-2850 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions