CVE-2022-36045

{"id": "CVE-2022-36045", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}]}, "published": "2022-08-31T15:15:08.857", "references": [{"url": "https://github.com/NodeBB/NodeBB/commit/81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/NodeBB/NodeBB/security/advisories/GHSA-p4cc-w597-6cpm", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-338"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-330"}, {"lang": "en", "value": "CWE-338"}]}], "descriptions": [{"lang": "en", "value": "NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure Pseudo-random number generator (`Math.random()`), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to. This vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset. The vulnerability has been patched in version 2.x and 1.19.x. There is no known workaround, but the patch sets listed above will fully patch the vulnerability."}, {"lang": "es", "value": "El software de foros NodeBB est\u00e1 impulsado por Node.js y es compatible con Redis, MongoDB o una base de datos PostgreSQL. Utiliza web sockets para interacciones instant\u00e1neas y notificaciones en tiempo real. `utils.generateUUID`, una funci\u00f3n de ayuda disponible en pr\u00e1cticamente todas las versiones de NodeBB (desde la v1.0.1 y potencialmente antes) utilizaba un generador de n\u00fameros pseudoaleatorios criptogr\u00e1ficamente inseguro (`Math.random()`), lo que significaba que un script especialmente dise\u00f1ado combinado con m\u00faltiples invocaciones de la funcionalidad de restablecimiento de contrase\u00f1a pod\u00eda permitir a un atacante calcular correctamente el c\u00f3digo de restablecimiento para una cuenta a la que no tuviera acceso. Esta vulnerabilidad afecta a todas las instalaciones de NodeBB. La vulnerabilidad permite a un atacante tomar el control de cualquier cuenta sin la participaci\u00f3n de la v\u00edctima, y como tal, la remediaci\u00f3n debe ser aplicada inmediatamente (ya sea a trav\u00e9s de la actualizaci\u00f3n de NodeBB o cherry-pick del conjunto de cambios espec\u00edficos. La vulnerabilidad ha sido parcheada en las versiones 2.x y 1.19.x. No hay una soluci\u00f3n conocida, pero los conjuntos de parches listados arriba parchar\u00e1n completamente la vulnerabilidad"}], "lastModified": "2022-09-06T18:09:53.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C8C6F6C-436C-48C1-B4E5-BBEF11C6C417", "versionEndExcluding": "1.19.8"}, {"criteria": "cpe:2.3:a:nodebb:nodebb:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A75FB8D-A0A2-4888-A241-CE7BB2D081F6"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}