{"id":"GHSA-xmgg-fx9p-prq6","summary":"NodeBB account takeover via SSO plugins","details":"_This is a historical security advisory, pertaining to a vulnerability that was reported, patched, and published in 2021. It is listed here for completeness and for CVE tracking purposes._\n\n### Impact\nDue to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out.\n\nThis re-exposed a vulnerability in that a specially crafted MITM attack could theoretically take over another user account during the single sign-on process.\n\n### Patches\nThe issue has been fully patched as of v1.17.2.\n\nThe patch commit can be found at https://github.com/NodeBB/NodeBB/commit/a2400f6baff44cb2996487bcd0cc6e2acc74b3d4\n\n### Workarounds\nSite maintainers can cherry-pick https://github.com/NodeBB/NodeBB/commit/a2400f6baff44cb2996487bcd0cc6e2acc74b3d4 into their codebase to patch the exploit.\n\n### References\n* https://blogs.opera.com/security/2022/03/bug-bounty-adventures-a-nodebb-0-day/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Discuss it on [our community forum](community.nodebb.org/)\n* Email us at [support@nodebb.org](mailto:support@nodebb.org)\n","aliases":["CVE-2022-36076"],"modified":"2023-11-08T04:09:59.760111Z","published":"2022-09-16T18:38:45Z","database_specific":{"github_reviewed":true,"nvd_published_at":"2022-09-02T13:15:00Z","cwe_ids":["CWE-352"],"github_reviewed_at":"2022-09-16T18:38:45Z","severity":"HIGH"},"references":[{"type":"WEB","url":"https://github.com/NodeBB/NodeBB/security/advisories/GHSA-xmgg-fx9p-prq6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36076"},{"type":"WEB","url":"https://github.com/NodeBB/NodeBB/commit/a2400f6baff44cb2996487bcd0cc6e2acc74b3d4"},{"type":"WEB","url":"https://blogs.opera.com/security/2022/03/bug-bounty-adventures-a-nodebb-0-day"},{"type":"PACKAGE","url":"https://github.com/NodeBB/NodeBB"}],"affected":[{"package":{"name":"nodebb","ecosystem":"npm","purl":"pkg:npm/nodebb"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.17.2"}]}],"database_specific":{"last_known_affected_version_range":"\u003c= 1.17.1","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-xmgg-fx9p-prq6/GHSA-xmgg-fx9p-prq6.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}