HTTP: NodeBB socket.io Elevation of Privilege

This signature detects attempts to exploit a known vulnerability against NodeBB socket.io. A successful attack can lead to elevation of privilege and arbitrary code execution.

Extended Description

NodeBB is an open source Node.js based forum software. Because a plain object (one that inherits from a prototype) is used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit.
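
The weak pattern the description refers to, shown as an added illustration rather than NodeBB's own code: an event dispatcher backed by a plain object resolves names that exist only on the prototype chain, while a null-prototype table with an own-property check does not. The handler name and the `socket.uid` field are hypothetical.

```javascript
// Added illustration, not NodeBB's code. Handler names and socket fields
// are hypothetical; the real socket.io namespaces are not modelled here.

// Weak: a plain object literal inherits from Object.prototype, so a lookup
// for a name that only exists on the prototype chain still returns a value
// (e.g. 'constructor' resolves to the Object function).
const weakHandlers = {
  'posts.getPost': (socket, data) => ({ pid: data.pid, by: socket.uid }),
};

function dispatchWeak(socket, eventName, data) {
  const handler = weakHandlers[eventName];
  if (typeof handler === 'function') return handler(socket, data);
  return null;
}

// Hardened: a null-prototype object has no inherited keys at all, and an
// explicit own-property check rejects anything not registered on purpose.
const safeHandlers = Object.create(null);
safeHandlers['posts.getPost'] = weakHandlers['posts.getPost'];

function dispatchSafe(socket, eventName, data) {
  if (typeof eventName !== 'string' ||
      !Object.prototype.hasOwnProperty.call(safeHandlers, eventName)) {
    return null;
  }
  return safeHandlers[eventName](socket, data);
}

// Review aid: a name that resolves through the prototype chain rather than
// as an own property is one a dispatcher should never have accepted.
function resolvesViaPrototype(table, name) {
  return name in table && !Object.prototype.hasOwnProperty.call(table, name);
}
```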

Affected Products

Nodebb nodebb

References

CVE: CVE-2022-46164

Short Name
HTTP:CTS:NODEBB-SCKTIO-EOP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-46164 Elevation NodeBB Privilege of socket.io
Release Date
03/24/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3650
False Positive
Unknown
Vendors

Nodebb
