How severe is CVE-2022-36076?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-36076?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2022-36076 - HIGH Severity | CVSS 7.5

Vulnerability Description

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2.

Related Vulnerabilities

CVE-2015-7936

HIGH

CVSS:7.5(High)

Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password.

CWE-3522015

CVE-2016-1139

HIGH

CVSS:7.5(High)

Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CWE-3522016

CVE-2016-8718

HIGH

CVSS:7.5(High)

An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a c...

CWE-3522016

CVE-2017-1000092

HIGH

CVSS:7.5(High)

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a de...

CWE-3522017

CVE-2017-12415

HIGH

CVSS:7.5(High)

OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.1...

CWE-3522017

CVE-2017-12439

HIGH

CVSS:7.5(High)

SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML co...

CWE-3522017