Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2023_ALAS2023-2023-243.NASL
HistoryJul 20, 2023 - 12:00 a.m.

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-243)

2023-07-2000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
JSON

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-243 advisory.

  • A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. (CVE-2022-4904)

  • A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy. (CVE-2023-23918)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-243.
##

include('compat.inc');

if (description)
{
  script_id(178534);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/20");

  script_cve_id("CVE-2022-4904", "CVE-2023-23918");

  script_name(english:"Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-243)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-243 advisory.

  - A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the
    input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of
    service or a limited impact on confidentiality and integrity. (CVE-2022-4904)

  - A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made
    it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in
    Node.js and access non authorized modules by using process.mainModule.require(). This only affects users
    who had enabled the experimental permissions option with --experimental-policy. (CVE-2023-23918)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2023-243.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-4904.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-23918.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'dnf update nodejs --releasever 2023.1.20230719' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-4904");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-full-i18n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:npm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:v8-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'nodejs-18.12.1-1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-18.12.1-1.amzn2023.0.6', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-18.12.1-1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-debuginfo-18.12.1-1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-debuginfo-18.12.1-1.amzn2023.0.6', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-debuginfo-18.12.1-1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-debugsource-18.12.1-1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-debugsource-18.12.1-1.amzn2023.0.6', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-debugsource-18.12.1-1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-devel-18.12.1-1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-devel-18.12.1-1.amzn2023.0.6', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-devel-18.12.1-1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-docs-18.12.1-1.amzn2023.0.6', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-full-i18n-18.12.1-1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-full-i18n-18.12.1-1.amzn2023.0.6', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-full-i18n-18.12.1-1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-libs-18.12.1-1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-libs-18.12.1-1.amzn2023.0.6', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-libs-18.12.1-1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-libs-debuginfo-18.12.1-1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-libs-debuginfo-18.12.1-1.amzn2023.0.6', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-libs-debuginfo-18.12.1-1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'npm-8.19.2-1.18.12.1.1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'npm-8.19.2-1.18.12.1.1.amzn2023.0.6', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'npm-8.19.2-1.18.12.1.1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'v8-devel-10.2.154.15-1.18.12.1.1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'v8-devel-10.2.154.15-1.18.12.1.1.amzn2023.0.6', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'v8-devel-10.2.154.15-1.18.12.1.1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs / nodejs-debuginfo / nodejs-debugsource / etc");
}
VendorProductVersionCPE
amazonlinuxnodejsp-cpe:/a:amazon:linux:nodejs
amazonlinuxnodejs-debuginfop-cpe:/a:amazon:linux:nodejs-debuginfo
amazonlinuxnodejs-debugsourcep-cpe:/a:amazon:linux:nodejs-debugsource
amazonlinuxnodejs-develp-cpe:/a:amazon:linux:nodejs-devel
amazonlinuxnodejs-docsp-cpe:/a:amazon:linux:nodejs-docs
amazonlinuxnodejs-full-i18np-cpe:/a:amazon:linux:nodejs-full-i18n
amazonlinuxnodejs-libsp-cpe:/a:amazon:linux:nodejs-libs
amazonlinuxnodejs-libs-debuginfop-cpe:/a:amazon:linux:nodejs-libs-debuginfo
amazonlinuxnpmp-cpe:/a:amazon:linux:npm
amazonlinuxv8-develp-cpe:/a:amazon:linux:v8-devel
Rows per page:
1-10 of 111

Related

hackerone 1
nessus 67
redhat 12
prion 2
osv 18
redhatcve 2
cbl_mariner 12
alpinelinux 1
cve 2
ubuntucve 2
veracode 1
debiancve 2
ibm 8
openvas 28
redos 1
debian 1
ubuntu 1
almalinux 8
amazon 2
gitlab 1
mageia 2
fedora 5
oraclelinux 8
rocky 5
f5 1
photon 1
rosalinux 2
nodejsblog 1
altlinux 1
gentoo 1
hackerone
hackerone
Node.js: Permissions policies can be bypassed via process.mainModule
2022-10-24 11:29:58
nessus
nessus
RHEL 7 : rh-nodejs14-nodejs (RHSA-2023:1744)
2023-04-12 00:00:00
CBL Mariner 2.0 Security Update: nodejs (CVE-2023-23918)
2023-03-28 00:00:00
EulerOS Virtualization 2.9.0 : c-ares (EulerOS-SA-2023-2013)
2023-06-02 00:00:00
redhat
redhat
(RHSA-2023:1744) Important: rh-nodejs14-nodejs security, bug fix, and enhancement update
2023-04-12 14:38:13
(RHSA-2023:7116) Moderate: c-ares security update
2023-11-14 08:45:36
(RHSA-2023:7368) Moderate: c-ares security update
2023-11-21 08:12:35
prion
prion
Privilege escalation
2023-02-23 20:15:00
Stack overflow
2023-03-06 23:15:00
osv
osv
CVE-2023-23918
2023-02-23 20:15:13
BIT-node-2023-23918
2024-03-06 11:02:19
c-ares vulnerability
2023-03-02 12:48:30
redhatcve
redhatcve
CVE-2023-23918
2023-02-20 22:29:19
CVE-2022-4904
2023-02-15 10:29:26
cbl_mariner
cbl_mariner
CVE-2023-23918 affecting package nodejs 16.18.1-2
2023-03-24 23:56:25
CVE-2023-23918 affecting package nodejs 14.21.1-3
2023-08-15 16:37:27
CVE-2022-4904 affecting package grpc 1.42.0-7
2024-04-17 22:02:46
alpinelinux
alpinelinux
CVE-2023-23918
2023-02-23 20:15:13
cve
cve
CVE-2023-23918
2023-02-23 20:15:13
CVE-2022-4904
2023-03-06 23:15:11
ubuntucve
ubuntucve
CVE-2023-23918
2023-02-23 00:00:00
CVE-2022-4904
2023-02-15 00:00:00
veracode
veracode
Improper Access Control
2023-02-18 05:20:42
debiancve
debiancve
CVE-2023-23918
2023-02-23 20:15:13
CVE-2022-4904
2023-03-06 23:15:11
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to security restriction bypasss due to [CVE-2023-23918]
2023-04-28 11:51:00
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and arbitrary code execution due to [CVE-2022-4904], [CVE-2023-32067]
2023-07-28 14:31:55
Security Bulletin: Vulnerabilities in cURL libcurl, PostgreSQL, PyPI cryptography, Node.js can affect IBM Spectrum Protect Plus
2023-06-20 16:46:31
openvas
openvas
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2284)
2023-07-04 00:00:00
Debian: Security Advisory (DLA-3323-1)
2023-02-19 00:00:00
Fedora: Security Advisory for c-ares (FEDORA-2023-30e81e5293)
2023-03-08 00:00:00
redos
redos
ROS-20230316-01
2023-03-16 00:00:00
debian
debian
[SECURITY] [DLA 3323-1] c-ares security update
2023-02-18 22:55:21
ubuntu
ubuntu
c-ares vulnerability
2023-03-02 00:00:00
almalinux
almalinux
Moderate: c-ares security update
2023-11-14 00:00:00
Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-05-09 00:00:00
Important: nodejs:14 security, bug fix, and enhancement update
2023-04-12 00:00:00
amazon
amazon
Medium: c-ares
2023-07-05 21:44:00
Medium: c-ares
2024-01-03 21:04:00
gitlab
gitlab
Improper Input Validation
2023-03-06 00:00:00
mageia
mageia
Updated c-ares packages fix security vulnerability
2023-02-27 23:27:16
Updated nodejs packages fix security vulnerability
2023-03-02 00:14:31
fedora
fedora
[SECURITY] Fedora 37 Update: c-ares-1.19.0-1.fc37
2023-02-23 02:21:41
[SECURITY] Fedora 36 Update: c-ares-1.19.0-1.fc36
2023-03-08 01:22:23
[SECURITY] Fedora 38 Update: nodejs20-19.8.1-7.fc38
2023-04-04 18:17:01
oraclelinux
oraclelinux
c-ares security update
2023-11-17 00:00:00
nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-05-17 00:00:00
nodejs:14 security, bug fix, and enhancement update
2023-04-12 00:00:00
rocky
rocky
nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-05-25 19:53:09
nodejs:14 security, bug fix, and enhancement update
2023-04-26 15:28:13
nodejs:16 security, bug fix, and enhancement update
2023-04-06 15:52:43
f5
f5
K000134602 : Node.js vulnerabilities CVE-2023-23918 and CVE-2023-23920
2023-05-15 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0552
2023-03-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2284
2023-10-31 14:04:36
Advisory ROSA-SA-2023-2246
2023-10-17 12:06:48
nodejsblog
nodejsblog
Thursday February 16 2023 Security Releases
2023-02-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 16.19.1-alt1
2023-03-22 00:00:00
gentoo
gentoo
c-ares: Multiple Vulnerabilities
2024-01-05 00:00:00
JSON
Related for AL2023_ALAS2023-2023-243.NASL
hackerone1nessus67redhat12prion2osv18redhatcve2cbl_mariner12alpinelinux1cve2ubuntucve2veracode1debiancve2ibm8openvas28redos1debian1ubuntu1almalinux8amazon2gitlab1mageia2fedora5oraclelinux8rocky5f51photon1rosalinux2nodejsblog1altlinux1gentoo1