SUSE CVE-2023-32003

🗓️ 11 Aug 2023 02:13:47Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

CVE-2023-32003: fs.mkdtemp and fs.mkdtempSync bypass permission checks via path traversal in Node.js 20

Reporter	Title	Published	Views	Family All 73
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1	16 Nov 202315:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple Node.js vulnerabilities	31 Jan 202413:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	26 Sep 202308:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node.js	29 Apr 202502:31	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.11 addresses multiple security vulnerabilities.	20 Dec 202316:10	–	ibm
IBM Security Bulletins	Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to bypassing security restrictions due to multiple Node.js vulnerabilities	14 Sep 202317:19	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway	2 Oct 202320:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.13 and earlier	12 Oct 202319:11	–	ibm
AlpineLinux	CVE-2023-32003	15 Aug 202316:15	–	alpinelinux
BDU FSTEC	The vulnerability of the fs.mkdtemp() and fs.mkdtempSync() methods in the Node.js software platform allows a hacker to create arbitrary directories.	8 Nov 202400:00	–	bdu_fstec

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	corepack20	20.5.1-1.1	corepack20-20.5.1-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	nodejs20	20.5.1-1.1	nodejs20-20.5.1-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	nodejs20-devel	20.5.1-1.1	nodejs20-devel-20.5.1-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	nodejs20-docs	20.5.1-1.1	nodejs20-docs-20.5.1-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	npm20	20.5.1-1.1	npm20-20.5.1-1.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2023-32003
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1214151

05 Jul 2025 23:30Current

9.2High risk

Vulners AI Score9.2

CVSS 3.16.5

EPSS0.00063

path traversal permission model bypass nodejs twenty temporary directory creation experimental feature security vulnerability