CWE-1385
Missing Origin Validation in WebSockets
VariantIncomplete
Description
The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (22)
page 2 of 2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-2850 | 0.00 | — | 0.00 | Jul 25, 2023 | NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker. | |||
| CVE-2023-26114 | — | 0.00 | — | 0.00 | Mar 23, 2023 | Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance. |
- CVE-2023-2850Jul 25, 2023risk 0.00cvss —epss 0.00
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.
- CVE-2023-26114Mar 23, 2023risk 0.00cvss —epss 0.00
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.