Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2023_ALAS2023-2024-569.NASL
HistoryMar 21, 2024 - 12:00 a.m.

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-569)

2024-03-2100:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
amazon linux
node.js
vulnerabilities
alas2023-2024-569
security advisory
resource exhaustion
denial of service
nessus scanner

6.8 Medium

AI Score

Confidence

Low

JSON

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-569 advisory.

  • On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the processโ€™s elevated privileges. (CVE-2024-21892)

  • A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits. (CVE-2024-22019)

Note that Nessus has not tested for these issues but has instead relied only on the applicationโ€™s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2024-569.
##

include('compat.inc');

if (description)
{
  script_id(192444);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/21");

  script_cve_id("CVE-2024-21892", "CVE-2024-22019");

  script_name(english:"Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-569)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-569 advisory.

  - On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user
    while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due
    to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when
    certain other capabilities have been set. This allows unprivileged users to inject code that inherits the
    process's elevated privileges. (CVE-2024-21892)

  - A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with
    chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an
    unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension
    bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like
    timeouts and body size limits. (CVE-2024-22019)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2024-569.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2024-21892.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2024-22019.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'dnf update nodejs --releasever 2023.4.20240319' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-21892");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-full-i18n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nodejs-npm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:v8-10.2-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'nodejs-18.18.2-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-18.18.2-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-debuginfo-18.18.2-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-debuginfo-18.18.2-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-debugsource-18.18.2-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-debugsource-18.18.2-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-devel-18.18.2-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-devel-18.18.2-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-docs-18.18.2-1.amzn2023.0.2', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-full-i18n-18.18.2-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-full-i18n-18.18.2-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-libs-18.18.2-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-libs-18.18.2-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-libs-debuginfo-18.18.2-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-libs-debuginfo-18.18.2-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-npm-9.8.1-1.18.18.2.1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs-npm-9.8.1-1.18.18.2.1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'v8-10.2-devel-10.2.154.26-1.18.18.2.1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'v8-10.2-devel-10.2.154.26-1.18.18.2.1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs / nodejs-debuginfo / nodejs-debugsource / etc");
}
VendorProductVersionCPE
amazonlinuxnodejs-full-i18np-cpe:/a:amazon:linux:nodejs-full-i18n
amazonlinuxnodejs-develp-cpe:/a:amazon:linux:nodejs-devel
amazonlinuxnodejsp-cpe:/a:amazon:linux:nodejs
amazonlinuxnodejs-npmp-cpe:/a:amazon:linux:nodejs-npm
amazonlinuxnodejs-debuginfop-cpe:/a:amazon:linux:nodejs-debuginfo
amazonlinuxv8-10.2-develp-cpe:/a:amazon:linux:v8-10.2-devel
amazonlinuxnodejs-libs-debuginfop-cpe:/a:amazon:linux:nodejs-libs-debuginfo
amazonlinuxnodejs-docsp-cpe:/a:amazon:linux:nodejs-docs
amazonlinuxnodejs-debugsourcep-cpe:/a:amazon:linux:nodejs-debugsource
amazonlinuxnodejs-libsp-cpe:/a:amazon:linux:nodejs-libs
Rows per page:
1-10 of 111

Related

nessus 41
osv 12
rocky 6
almalinux 6
ibm 10
redhat 13
oraclelinux 6
f5 1
openvas 12
mageia 1
prion 2
hackerone 3
redhatcve 2
alpinelinux 1
debiancve 2
freebsd 2
cbl_mariner 2
cvelist 2
cve 2
veracode 2
ubuntucve 2
photon 1
oracle 1
nessus
nessus
RHEL 8 : nodejs:18 (RHSA-2024:1510)
2024-03-26 00:00:00
Oracle Linux 9 : nodejs:18 (ELSA-2024-1503)
2024-03-26 00:00:00
RHEL 9 : nodejs:18 (RHSA-2024:1503)
2024-03-25 00:00:00
osv
osv
Important: nodejs:18 security update
2024-03-27 04:34:32
Important: nodejs:18 security update
2024-03-25 00:00:00
Important: nodejs:18 security update
2024-03-26 00:00:00
rocky
rocky
nodejs:18 security update
2024-03-27 04:34:32
nodejs:18 security update
2024-03-27 04:35:34
nodejs security update
2024-05-10 14:33:20
almalinux
almalinux
Important: nodejs:18 security update
2024-03-25 00:00:00
Important: nodejs:18 security update
2024-03-26 00:00:00
Important: nodejs security update
2024-03-20 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and denial of service due to [CVE-2023-46809] [CVE-2024-21892] [CVE-2024-22019]
2024-04-23 14:05:46
Security Bulletin: IBM DataPower Gateway is vulnerable to Denial of Service due to use of Node.js
2024-04-01 11:40:21
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js.
2024-05-10 14:52:40
redhat
redhat
(RHSA-2024:1880) Important: nodejs:18 security update
2024-04-18 00:58:51
(RHSA-2024:1510) Important: nodejs:18 security update
2024-03-26 09:07:37
(RHSA-2024:1503) Important: nodejs:18 security update
2024-03-25 19:54:22
oraclelinux
oraclelinux
nodejs:18 security update
2024-03-26 00:00:00
nodejs:18 security update
2024-03-26 00:00:00
nodejs security update
2024-03-21 00:00:00
f5
f5
K000139558 : Node.js vulnerabilities CVE-2023-46809, CVE-2024-21892, and CVE-2024-22019
2024-05-09 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0046)
2024-02-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0730-1)
2024-03-01 00:00:00
Node.js 18.x < 18.19.1 Multiple Vulnerabilities - Mac OS X
2024-02-16 00:00:00
mageia
mageia
Updated nodejs yarnpkg packages fix security vulnerabilities
2024-02-23 01:20:27
prion
prion
Code injection
2024-02-20 02:15:00
Design/Logic Flaw
2024-02-20 02:15:00
hackerone
hackerone
Node.js: Code injection and privilege escalation through Linux capabilities
2023-11-03 03:41:28
Internet Bug Bounty: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
2024-02-15 18:19:30
Node.js: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
2023-10-30 21:18:51
redhatcve
redhatcve
CVE-2024-21892
2024-02-16 18:20:49
CVE-2024-22019
2024-02-16 17:52:09
alpinelinux
alpinelinux
CVE-2024-21892
2024-02-20 02:15:50
debiancve
debiancve
CVE-2024-21892
2024-02-20 02:15:50
CVE-2024-22019
2024-02-20 02:15:50
freebsd
freebsd
null -- null
2024-02-20 00:00:00
NodeJS -- Vulnerabilities
2024-02-14 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-21892 affecting package nodejs18 for versions less than 18.20.2-1
2024-05-06 17:48:02
CVE-2024-22019 affecting package nodejs18 for versions less than 18.20.2-1
2024-05-06 17:48:02
cvelist
cvelist
CVE-2024-21892
2024-02-20 01:31:08
CVE-2024-22019
2024-02-20 01:31:08
cve
cve
CVE-2024-21892
2024-02-20 02:15:50
CVE-2024-22019
2024-02-20 02:15:50
veracode
veracode
Privilege Escalation
2024-02-21 03:05:12
Denial Of Service
2024-02-21 20:24:20
ubuntucve
ubuntucve
CVE-2024-21892
2024-02-20 00:00:00
CVE-2024-22019
2024-02-20 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0213
2024-02-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

6.8 Medium

AI Score

Confidence

Low

JSON
Related for AL2023_ALAS2023-2024-569.NASL
nessus41osv12rocky6almalinux6ibm10redhat13oraclelinux6f51openvas12mageia1prion2hackerone3redhatcve2alpinelinux1debiancve2freebsd2cbl_mariner2cvelist2cve2veracode2ubuntucve2photon1oracle1