CVE-2022-36076

Published: Sep 2, 2022

Modified: Apr 22, 2025

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2.

Vendor	Product	Versions
NodeBB	NodeBB	affected `< 1.17.2`

Weaknesses (CWE)

CWE-352

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://blogs.opera.com/security/2022/03/bug-bounty-adventures-a-nodebb-0-day/

x_refsource_MISC

https://github.com/NodeBB/NodeBB/security/advisories/GHSA-xmgg-fx9p-prq6

x_refsource_CONFIRM

https://github.com/NodeBB/NodeBB/commit/a2400f6baff44cb2996487bcd0cc6e2acc74b3d4

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-36076

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References