Lucene search

[email protected]NVD:CVE-2023-27563

HistoryMay 10, 2023 - 3:15 p.m.

CVE-2023-27563

2023-05-1015:15:09

[email protected]

web.nvd.nist.gov

node.js

n8n

package

0.218.0

privilege escalation

vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

54.3%

JSON

The n8n package 0.218.0 for Node.js allows Escalation of Privileges.

Affected configurations

Nvd

Node

n8nn8nMatch0.218.0node.js

VendorProductVersionCPE
n8nn8n0.218.0cpe:2.3:a:n8n:n8n:0.218.0:*:*:*:*:node.js:*:*

Vendor	Product	Version	CPE
n8n	n8n	0.218.0	cpe:2.3:a:n8n:n8n:0.218.0:::::node.js::

References

github.com/n8n-io/n8n/releases

security.netapp.com/advisory/ntap-20230622-0007/

www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

54.3%

JSON

Related for NVD:CVE-2023-27563

osv2 github1 cvelist1 prion1 cve1 veracode1