CVE-2023-32005

🗓️ 12 Sep 2023 01:36:55Reported by hackeroneType

A vulnerability in Node.js 20's experimental permission model allows unauthorized retrieval of file stats using the --allow-fs-read flag

Reporter	Title	Published	Views	Family All 61
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1	16 Nov 202315:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple Node.js vulnerabilities	31 Jan 202413:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	26 Sep 202308:26	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.11 addresses multiple security vulnerabilities.	20 Dec 202316:10	–	ibm
IBM Security Bulletins	Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to bypassing security restrictions due to multiple Node.js vulnerabilities	14 Sep 202317:19	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway	2 Oct 202320:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.13 and earlier	12 Oct 202319:11	–	ibm
Circl	CVE-2023-32005	14 Nov 202412:00	–	circl
CNNVD	Node.js Security Vulnerabilities	9 Aug 202300:00	–	cnnvd
Cvelist	CVE-2023-32005	12 Sep 202301:36	–	cvelist

NVD

Vulners

Node

nodejs node.jsRange20.0.0–20.5.1-

[
  {
    "product": "Node",
    "vendor": "NodeJS",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "4.0",
        "status": "affected",
        "lessThan": "4.*"
      },
      {
        "versionType": "semver",
        "version": "5.0",
        "status": "affected",
        "lessThan": "5.*"
      },
      {
        "versionType": "semver",
        "version": "6.0",
        "status": "affected",
        "lessThan": "6.*"
      },
      {
        "versionType": "semver",
        "version": "7.0",
        "status": "affected",
        "lessThan": "7.*"
      },
      {
        "versionType": "semver",
        "version": "8.0",
        "status": "affected",
        "lessThan": "8.*"
      },
      {
        "versionType": "semver",
        "version": "9.0",
        "status": "affected",
        "lessThan": "9.*"
      },
      {
        "versionType": "semver",
        "version": "10.0",
        "status": "affected",
        "lessThan": "10.*"
      },
      {
        "versionType": "semver",
        "version": "11.0",
        "status": "affected",
        "lessThan": "11.*"
      },
      {
        "versionType": "semver",
        "version": "12.0",
        "status": "affected",
        "lessThan": "12.*"
      },
      {
        "versionType": "semver",
        "version": "13.0",
        "status": "affected",
        "lessThan": "13.*"
      },
      {
        "versionType": "semver",
        "version": "14.0",
        "status": "affected",
        "lessThan": "14.*"
      },
      {
        "versionType": "semver",
        "version": "15.0",
        "status": "affected",
        "lessThan": "15.*"
      },
      {
        "versionType": "semver",
        "version": "17.0",
        "status": "affected",
        "lessThan": "17.*"
      },
      {
        "versionType": "semver",
        "version": "19.0",
        "status": "affected",
        "lessThan": "19.*"
      },
      {
        "versionType": "semver",
        "version": "20.0",
        "status": "affected",
        "lessThan": "20.5.1"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20231103-0004/
hackerone	www.hackerone.com/reports/2051224

05 May 2025 14:15Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.15.3

EPSS0.00978

SSVC

CWE-732