Lucene search
MattaustinH1:2078581HistoryJul 21, 2023 - 4:12 a.m.
Internet Bug Bounty: CVE-2023-30587 Process-based permissions can be bypassed with the "inspector" module.
2023-07-2104:12:10
mattaustin
hackerone.com
$3495
45
internet bug bounty
cve-2023-30587
process-based permissions
inspector module
bypassed
permission model
resources
bugbounty
0 Low
EPSS
Percentile
0.0%
https://hackerone.com/reports/1962701 Restrictions set with the new process based permission flag can by bypassed with the built-in inspector module.
Impact
Permission Model is a mechanism for restricting access to specific resources during execution. This bypasses those restrictions.
Related
redhatcve
redhatcve
CVE-2023-30587
2023-07-05 15:18:33
ubuntucve
ubuntucve
CVE-2023-30587
2023-06-21 00:00:00
debiancve
debiancve
CVE-2023-30587
2023-06-21 04:12:44
wolfi
wolfi
CVE-2023-30587 vulnerabilities
2024-06-27 09:08:32
hackerone
hackerone
cve
cve
CVE-2023-30587
2023-06-21 04:12:44
cgr
cgr
CVE-2023-30587 vulnerabilities
2024-05-19 03:07:16
mageia
mageia
Updated nodejs packages fix security vulnerability
2023-07-07 08:54:45
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0226)
2023-07-10 00:00:00
nessus
nessus
Node.js 16.x < 16.20.1 / 18.x < 18.16.1 / 20.x < 20.3.1 Multiple Vulnerabilities (Tuesday June 20 2023 Security Releases).
2023-06-22 00:00:00
GLSA-202405-29 : Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities
2024-02-29 00:00:00
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00