Описание
Incorrect Access Control in NodeBB
In NodeBB prior to 3.6.7 an attacker was able to access the restricted tabs for the Admin group which are only allowed the the administrators.
Пакеты
Наименование
nodebb
npm
Затронутые версииВерсия исправления
< 3.6.7
3.6.7
Связанные уязвимости
CVSS3: 6.3
nvd
почти 2 года назад
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true.