Intrusion PreventionNodeBB.socket.io.Privilege.Elevation
Description
This indicates an attack attempt to exploit an Elevation of Privilege Vulnerability in NodeBB.
The vulnerability is due to insufficient validation of messages sent to the socket.io module. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in elevation of privilege.
Affected Products
NodeBB prior to 2.8.1
Impact
Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/NodeBB/NodeBB/security/advisories/GHSA-rf3g-v8p5-p675
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-07-15 | 28.826 | Name:NodeBB. socket. io. Elevation. of. Privilege:NodeBB. socket. io. Privilege. Elevation |
| 2023-04-26 | 23.541 | Sig Added |
| 2023-03-28 | 23.521 | Default_action:pass:drop |
| 2023-03-17 | 23.514 |
| ID | 52726 |
| Created | Mar 09, 2023 |
| Updated | Jul 11, 2024 |
| Risk |
|
| CVE ID | CVE-2022-46164 |
| Exploit Prediction Score | 0.2% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, MacOS |
| Affected App | Other |