SUSE update for nodejs20



Published: 2024-04-16
Risk Medium
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2024-24806
CVE-2024-27982
CVE-2024-27983
CVE-2024-30260
CVE-2024-30261
CWE-ID CWE-918
CWE-444
CWE-617
CWE-200
CWE-345
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Web and Scripting Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

corepack20
Operating systems & Components / Operating system package or component

nodejs20-docs
Operating systems & Components / Operating system package or component

nodejs20
Operating systems & Components / Operating system package or component

npm20
Operating systems & Components / Operating system package or component

nodejs20-devel
Operating systems & Components / Operating system package or component

nodejs20-debuginfo
Operating systems & Components / Operating system package or component

nodejs20-debugsource
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU86707

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24806

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input when handling hostnames longer than 256 characters within the uv_getaddrinfo() function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c. A remote attacker can pass a specially crafted hostname to the application, which can be resolved to an attacker controlled IP address and initiate unauthorized requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Mitigation

Update the affected package nodejs20 to the latest version.

Vulnerable software versions

Web and Scripting Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

corepack20: before 20.12.1-150500.11.9.2

nodejs20-docs: before 20.12.1-150500.11.9.2

nodejs20: before 20.12.1-150500.11.9.2

npm20: before 20.12.1-150500.11.9.2

nodejs20-devel: before 20.12.1-150500.11.9.2

nodejs20-debuginfo: before 20.12.1-150500.11.9.2

nodejs20-debugsource: before 20.12.1-150500.11.9.2

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241301-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU88176

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27982

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Update the affected package nodejs20 to the latest version.

Vulnerable software versions

Web and Scripting Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

corepack20: before 20.12.1-150500.11.9.2

nodejs20-docs: before 20.12.1-150500.11.9.2

nodejs20: before 20.12.1-150500.11.9.2

npm20: before 20.12.1-150500.11.9.2

nodejs20-devel: before 20.12.1-150500.11.9.2

nodejs20-debuginfo: before 20.12.1-150500.11.9.2

nodejs20-debugsource: before 20.12.1-150500.11.9.2

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241301-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Reachable Assertion

EUVDB-ID: #VU88175

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27983

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling HTTP/2 packets. A remote attacker can send a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside and perform a denial of service (DoS) attack.

Mitigation

Update the affected package nodejs20 to the latest version.

Vulnerable software versions

Web and Scripting Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

corepack20: before 20.12.1-150500.11.9.2

nodejs20-docs: before 20.12.1-150500.11.9.2

nodejs20: before 20.12.1-150500.11.9.2

npm20: before 20.12.1-150500.11.9.2

nodejs20-devel: before 20.12.1-150500.11.9.2

nodejs20-debuginfo: before 20.12.1-150500.11.9.2

nodejs20-debugsource: before 20.12.1-150500.11.9.2

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241301-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU88177

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-30260

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application clears Authorization and Proxy-Authorization headers during cross-origin redirects for the fetch() method, however does not clear them for the undici.request() method, which can leak sensitive information to an unauthorized party.

Mitigation

Update the affected package nodejs20 to the latest version.

Vulnerable software versions

Web and Scripting Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

corepack20: before 20.12.1-150500.11.9.2

nodejs20-docs: before 20.12.1-150500.11.9.2

nodejs20: before 20.12.1-150500.11.9.2

npm20: before 20.12.1-150500.11.9.2

nodejs20-devel: before 20.12.1-150500.11.9.2

nodejs20-debuginfo: before 20.12.1-150500.11.9.2

nodejs20-debugsource: before 20.12.1-150500.11.9.2

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241301-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Insufficient verification of data authenticity

EUVDB-ID: #VU88178

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-30261

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the application does not verify authenticity of data. A remote attacker can alter the "integrity" option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered.

Mitigation

Update the affected package nodejs20 to the latest version.

Vulnerable software versions

Web and Scripting Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

corepack20: before 20.12.1-150500.11.9.2

nodejs20-docs: before 20.12.1-150500.11.9.2

nodejs20: before 20.12.1-150500.11.9.2

npm20: before 20.12.1-150500.11.9.2

nodejs20-devel: before 20.12.1-150500.11.9.2

nodejs20-debuginfo: before 20.12.1-150500.11.9.2

nodejs20-debugsource: before 20.12.1-150500.11.9.2

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241301-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###