CVE-2024-29316 Information

Description

NodeBB 3.6.7 is vulnerable to Incorrect Access Control e.g. a low-privileged attacker can access the restricted tabs for the Admin group via \isadmin:true.

Reference

https://nodebb.org/bounty/ https://medium.com/%40krityamkarma858041/broken-access-control-nodebb-v3-6-7-eebc59c24deb