CVE-2023-30584

{"id": "CVE-2023-30584", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.5}]}, "published": "2024-09-07T16:15:02.167", "references": [{"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20241108-0005/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en la versi\u00f3n 20 de Node.js, espec\u00edficamente en el modelo de permisos experimental. Esta falla est\u00e1 relacionada con el manejo inadecuado de la omisi\u00f3n de la ruta de acceso al verificar los permisos de los archivos. Tenga en cuenta que, en el momento en que se emiti\u00f3 esta CVE, el modelo de permisos era una caracter\u00edstica experimental de Node.js."}], "lastModified": "2024-11-21T08:00:27.870", "sourceIdentifier": "support@hackerone.com"}