Node.js: Permission model improperly protects against path traversal

🗓️ 01 Aug 2023 22:30:21Reported by tniessenType

hackerone

hackerone🔗 hackerone.com👁 46 Views

Node.js path traversal vulnerability patched in commit 205f1e6 (CVE-2023-30584

Reporter	Title	Published	Views	Family All 77
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.14 and earlier	19 Jan 202418:01	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to remote security bypass due to Node.js package	10 Mar 202515:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	17 Jan 202407:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities	6 Dec 202316:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components	7 May 202419:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node.js	11 Dec 202309:42	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0247: nodejs:20 (ALINUX3-SA-2024:0247)	14 May 202500:00	–	nessus
Tenable Nessus	Fedora 38 : nodejs20 (2023-4d2fd884ea)	26 Oct 202300:00	–	nessus
Tenable Nessus	Fedora 39 : nodejs20 (2023-7b52921cae)	7 Nov 202300:00	–	nessus
Tenable Nessus	Fedora 37 : nodejs20 (2023-f66fc0f62a)	26 Oct 202300:00	–	nessus

13 Oct 2023 21:39Current

8.5High risk

Vulners AI Score8.5

CVSS 37.5 - 7.7

EPSS0.00657

SSVC

node.js path traversal vulnerability patched cve-2023-30584 commit 205f1e6 permission model experimental bug bounty