← volver
CVE-2026-28360

NocoDB: Plaintext Storage of Shared View Passwords

CVSS 2.7 LOWEPSS 0.2%CWE-256
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Productos afectados
nocodb · nocodb

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/nocodb/nocodb/releases/tag/0.301.3https://github.com/nocodb/nocodb/security/advisories/GHSA-mpp2-x7wv-38hv