Lucene search

GitHub Advisory DatabaseGHSA-R9XW-P7WJ-W792

HistoryMay 10, 2023 - 3:30 p.m.

n8n Information Disclosure vulnerability

2023-05-1015:30:22

CWE-668

GitHub Advisory Database

github.com

n8n package

vulnerability

version 0.216.1

node.js

information disclosure

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

47.1%

JSON

The n8n package prior to 0.216.1 for Node.js allows Information Disclosure.

Affected configurations

Vulners

Node

n8nn8nRange<0.216.1node.js

CPENameOperatorVersion
n8nlt0.216.1

CPE	Name	Operator	Version
	n8n	lt	0.216.1

References

github.com/advisories/GHSA-r9xw-p7wj-w792

github.com/n8n-io/n8n/commit/27adea70459329fc0dddabee69e10c9d1453835f

github.com/n8n-io/n8n/pull/5525

github.com/n8n-io/n8n/releases/tag/n8n%400.216.1

nvd.nist.gov/vuln/detail/CVE-2023-27564

security.netapp.com/advisory/ntap-20230622-0007/

www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

47.1%

JSON

Related for GHSA-R9XW-P7WJ-W792