TencentOS Server 3: nodejs:18 (TSSA-2024:0108)

🗓️ 20 Nov 2025 00:00:00Reported by TenableType

TencentOS Server 3 nodejs:18 has CVEs causing timing side-channel, privilege escalation, and DoS; updates.

Reporter	Title	Published	Views	Family All 344
IBM Security Bulletins	Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control	8 Jul 202409:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a denial of service	13 May 202423:54	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway	1 Apr 202418:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and denial of service due to [CVE-2023-46809] [CVE-2024-21892] [CVE-2024-22019]	23 Apr 202414:05	–	ibm
IBM Security Bulletins	Security Bulletin: Denial of service vulnerabilities in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition	30 May 202418:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities	19 Mar 202417:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway is vulnerable to Denial of Service due to use of Node.js	1 Apr 202411:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js	29 Aug 202419:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for May 2024.	15 Apr 202502:38	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.13 addresses multiple security vulnerabilities.	31 Jul 202411:01	–	ibm

Source	Link
mirrors	www.mirrors.tencent.com/tlinux/errata/tssa-20240108.xml
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2024:0108.
##

include('compat.inc');

if (description)
{
  script_id(276343);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/04");

  script_cve_id("CVE-2023-46809", "CVE-2024-21892", "CVE-2024-22019");

  script_name(english:"TencentOS Server 3: nodejs:18 (TSSA-2024:0108)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0108 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

    CVE-2023-46809:
    A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing
    side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences
    in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA
    ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web
    Encryption messages.

    CVE-2024-21892:
    A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged
    user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE.
    Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when
    other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the
    process's elevated privileges.

    CVE-2024-22019:
    A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an
    unbounded number of bytes from a single connection, which can allow an attacker to send a specially
    crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20240108.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-21892");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:nodejs-nodemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:nodejs-packaging");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'nodejs-18.19.1-1.module+el8.8.0+608+48fd8931', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-18.19.1-1.module+el8.8.0+608+48fd8931', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debuginfo-18.19.1-1.module+el8.8.0+608+48fd8931', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debuginfo-18.19.1-1.module+el8.8.0+608+48fd8931', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debugsource-18.19.1-1.module+el8.8.0+608+48fd8931', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debugsource-18.19.1-1.module+el8.8.0+608+48fd8931', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-devel-18.19.1-1.module+el8.8.0+608+48fd8931', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-devel-18.19.1-1.module+el8.8.0+608+48fd8931', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-docs-18.19.1-1.module+el8.8.0+608+48fd8931', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-full-i18n-18.19.1-1.module+el8.8.0+608+48fd8931', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-full-i18n-18.19.1-1.module+el8.8.0+608+48fd8931', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-nodemon-3.0.1-1.module+el8.8.0+524+047aea0a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-packaging-2021.06-4.module+el8.6.0+395+e5e272c2', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-packaging-bundler-2021.06-4.module+el8.6.0+395+e5e272c2', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'npm-10.2.4-1.18.19.1.1.module+el8.8.0+608+48fd8931', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'npm-10.2.4-1.18.19.1.1.module+el8.8.0+608+48fd8931', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-debuginfo / nodejs-debugsource / etc');
}

04 Dec 2025 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.17.4 - 7.8

CVSS 37.5

EPSS0.01239

SSVC