CVE-2024-30260

🗓️ 04 Apr 2024 20:21:47Reported by redhat.comType

redhatcve

redhatcve🔗 access.redhat.com👁 19 Views

Flaw in nodejs-undici package allows exposure of sensitive dat

Reporter	Title	Published	Views	Family All 73
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js	29 Aug 202419:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality due to [CVE-2024-30260] [CVE-2024-30261]	23 Apr 202414:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote authenticated attacker (CVE-2024-30260, CVE-2024-30261)	21 Jun 202415:18	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	14 Aug 202409:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities	26 Mar 202504:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass security restriction due to Node.js undici module ( CVE-2024-30261, CVE-2024-30260 )	8 Aug 202415:45	–	ibm
Tenable Nessus	Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-694)	6 Aug 202400:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-30260)	10 Feb 202500:00	–	nessus
Tenable Nessus	Fedora 38 : nodejs-undici (2024-6d9c1da54f)	12 Apr 202400:00	–	nessus
Tenable Nessus	Fedora 40 : nodejs-undici (2024-a5dc987f91)	29 Apr 202400:00	–	nessus

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-30260
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

17 Nov 2024 17:20Current

4Medium risk

Vulners AI Score4

CVSS 3.13.9

EPSS0.00198

nodejs-undici cross-origin redirects proxy-authorization headers sensitive data attacker capturing