← voltar
CVE-2026-28360

NocoDB: Plaintext Storage of Shared View Passwords

CVSS 2.7 LOWEPSS 0.2%CWE-256
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Produtos afetados
nocodb · nocodb

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/nocodb/nocodb/releases/tag/0.301.3https://github.com/nocodb/nocodb/security/advisories/GHSA-mpp2-x7wv-38hv