
CVE-2023-30586

2023-06-30 23:40:08
hackerone
www.cve.org

AI Score: 7.9 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 21.0%)

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process’s stack memory to locate the permission model Permission::enabled_ in the host process’s heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Node.js",
    "product": "https://github.com/nodejs/node",
    "versions": [
      {
        "version": "v20.3.1",
        "status": "affected",
        "lessThan": "v20.3.1",
        "versionType": "semver"
      }
    ]
  }
]
