Permission Model Vulnerability in Node.js by OpenJS Foundation
CVE-2023-32005

5.3MEDIUM

Key Information:

Vendor: Nodejs
Status: Node
Vendor: CVE Published:; 12 September 2023

What is CVE-2023-32005?

A security flaw has been identified in Node.js version 20, specifically affecting the experimental permission model when the --allow-fs-read flag is incorrectly applied to non-* arguments. This issue arises due to inadequate restrictions within the permission model, allowing unauthorized access to file statistics via the fs.statfs API. As a consequence, malicious users may access file stats without having the necessary read permissions. This vulnerability poses risks particularly to those utilizing the experimental permission model.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Node 4.0 < 4.*

Node 5.0 < 5.*

Node 6.0 < 6.*

References

https://hackerone.com/reports/2051224

https://security.netapp.com/advisory/ntap-20231103-0004/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
May 1, 2023

JSON

Nodejs

What is CVE-2023-32005?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.