漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
API token verification can be bypassed
Vulnerability Description
Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as possible.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
NodeBB 授权问题漏洞
Vulnerability Description
NodeBB是Design Create Play团队的一套使用Node.js(一套建立在Google V8 JavaScript引擎之上的网络应用平台)构建的论坛系统。 Nodebb 中存在授权问题漏洞,该漏洞源于产品的令牌验证逻辑错误。攻击者可通过该漏洞使用master令牌访问API。以下产品及版本受到影响:Nodebb v1.18.5 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A