CVE-2016-10532

Published: May 31, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

console-io is a module that allows users to implement a web console in their application. In console-io 2.2.13 and earlier, a malicious user could bypass authentication and execute any command that the user running the console-io application is able to run. This means that if console-io was running as root, the attacker would have full access to the system. The vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket, send commands, and receive the responses.

Vendor: HackerOne
Product: console-io node module
Versions: affected <=2.2.13
