NocoDB security bypass | CVE-2022-2064
NAME
NocoDB security bypass
- Platforms Affected:
NocoDB NocoDB 0.91.8 - Risk Level:
9.1 - Exploitability:
Unproven - Consequences:
Bypass Security
DESCRIPTION
NocoDB could allow a remote authenticated attacker to bypass security restrictions, caused by insufficient session expiration. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain administrative access.
CVSS 3.0 Information
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to NocoDB GIT Repository for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://huntr.dev/bounties/39523d51-fc5c-48b8-a082-171da79761bb/ - Reference Link:
https://github.com/nocodb/nocodb/commit/c9b5111b25aea2781e19395a8e9107ddbd235a2b
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.