You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
API token verification can be bypassed in NodeBB
Critical severity
GitHub Reviewed
Published
Nov 27, 2021
in
NodeBB/NodeBB
•
Updated Jan 31, 2023
Impact
Incorrect logic present in the token verification step unintentionally allowed master token access to the API.
Patches
The vulnerability has been patch as of v1.18.5.
Workarounds
Cherry-pick commit hash 04dab1d550cdebf4c1567bca9a51f8b9ca48a500 to receive this patch in lieu of a full upgrade.
For more information
If you have any questions or comments about this advisory:
References