exploitDog

CVE-2023-23918

Published: 16 Feb 2023
Source: redhat
CVSS3: 7.5

Description

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-system-container | Will not fix | | |
| Red Hat Enterprise Linux 8 | nodejs | Not affected | | |
| Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2023:1582 | 04.04.2023 |
| Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2023:1583 | 04.04.2023 |
| Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2023:1743 | 12.04.2023 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | nodejs | Fixed | RHSA-2023:1533 | 30.03.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | nodejs | Fixed | RHSA-2023:1742 | 12.04.2023 |
| Red Hat Enterprise Linux 9 | nodejs | Fixed | RHSA-2023:2654 | 09.05.2023 |
| Red Hat Enterprise Linux 9 | nodejs | Fixed | RHSA-2023:2655 | 09.05.2023 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs14 | Fixed | RHSA-2023:1744 | 12.04.2023 |

Additional information

Status: Moderate
Weakness: CWE-863
https://bugzilla.redhat.com/show_bug.cgi?id=2171935 Node.js: Permissions policies can be bypassed via process.mainModule

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 2 years ago

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.

CVSS3: 7.5
nvd
more than 2 years ago

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.

CVSS3: 7.5
msrc
more than 2 years ago

No description available

CVSS3: 7.5
debian
more than 2 years ago

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14 ...

CVSS3: 7.5
github
more than 2 years ago

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.