Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2024-6147.NASLHistorySep 03, 2024 - 12:00 a.m.
AlmaLinux 9 : nodejs:18 (ALSA-2024:6147)
2024-09-0300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
almalinux 9
node-tar
denial of service
parsing
tar file
lack of folders depth validation
cve-2024-28863
nodejs
network import restriction
data url
cve-2024-22020
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.8
Confidence
High
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6147 advisory.
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
* nodejs: Bypass network import restriction via data URL (CVE-2024-22020)
Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2024:6147.
##
include('compat.inc');
if (description)
{
script_id(206476);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/03");
script_cve_id("CVE-2024-22020", "CVE-2024-28863");
script_xref(name:"ALSA", value:"2024:6147");
script_name(english:"AlmaLinux 9 : nodejs:18 (ALSA-2024:6147)");
script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ALSA-2024:6147 advisory.
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation
(CVE-2024-28863)
* nodejs: Bypass network import restriction via data URL (CVE-2024-22020)
Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/9/ALSA-2024-6147.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:P/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-22020");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(400);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/21");
script_set_attribute(attribute:"patch_publication_date", value:"2024/09/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-full-i18n");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-nodemon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-packaging");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nodejs-packaging-bundler");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:npm");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::appstream");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::baseos");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::crb");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::highavailability");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::nfv");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::realtime");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::resilientstorage");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::sap");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::sap_hana");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::supplementary");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Alma Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/AlmaLinux/release');
if (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);
if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);
var module_ver = get_kb_item('Host/AlmaLinux/appstream/nodejs');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:18');
if ('18' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);
var appstreams = {
'nodejs:18': [
{'reference':'nodejs-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'ppc64le', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-devel-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-devel-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'ppc64le', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-devel-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-devel-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-docs-18.20.4-1.module_el8.10.0+3890+5a092792', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-full-i18n-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-full-i18n-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'ppc64le', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-full-i18n-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-full-i18n-18.20.4-1.module_el8.10.0+3890+5a092792', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'nodejs-nodemon-3.0.1-1.module_el8.10.0+3890+5a092792', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'nodejs-packaging-2021.06-4.module_el9.1.0+13+d9a595ea', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'nodejs-packaging-bundler-2021.06-4.module_el9.1.0+13+d9a595ea', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'npm-10.7.0-1.18.20.4.1.module_el8.10.0+3890+5a092792', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'npm-10.7.0-1.18.20.4.1.module_el8.10.0+3890+5a092792', 'cpu':'ppc64le', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'npm-10.7.0-1.18.20.4.1.module_el8.10.0+3890+5a092792', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'npm-10.7.0-1.18.20.4.1.module_el8.10.0+3890+5a092792', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
]
};
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var package_array ( appstreams[module] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:18');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / nodejs-full-i18n / etc');
}
Related
almalinux
almalinux
Moderate: nodejs:18 security update
2024-09-03 00:00:00
Moderate: nodejs:18 security update
2024-09-03 00:00:00
Moderate: nodejs:20 security update
2024-08-26 00:00:00
nessus
nessus
AlmaLinux 8 : nodejs:18 (ALSA-2024:6148)
2024-09-03 00:00:00
Rocky Linux 8 : nodejs:18 (RLSA-2024:6148)
2024-09-16 00:00:00
Oracle Linux 9 : nodejs:18 (ELSA-2024-6147)
2024-09-05 00:00:00
rocky
rocky
nodejs:18 security update
2024-09-17 00:54:54
nodejs:18 security update
2024-09-17 00:55:59
nodejs:20 security update
2024-09-17 00:54:54
redhat
redhat
(RHSA-2024:6148) Moderate: nodejs:18 security update
2024-09-03 01:09:29
(RHSA-2024:6147) Moderate: nodejs:18 security update
2024-09-03 01:09:27
(RHSA-2024:5814) Moderate: nodejs:20 security update
2024-08-26 07:11:09
oraclelinux
oraclelinux
nodejs:18 security update
2024-09-04 00:00:00
nodejs:18 security update
2024-09-04 00:00:00
nodejs:20 security update
2024-08-26 00:00:00
osv
osv
Moderate: nodejs:18 security update
2024-09-03 00:00:00
Moderate: nodejs:18 security update
2024-09-17 00:55:59
Moderate: nodejs:18 security update
2024-09-17 00:54:54
vulnrichment
vulnrichment
CVE-2024-28863 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation
2024-03-21 22:10:23
CVE-2024-22020
2024-07-09 01:07:28
veracode
veracode
Denial Of Service (DoS)
2024-03-25 13:36:34
Denial Of Service (DoS)
2024-03-26 16:59:03
cvelist
cvelist
CVE-2024-28863 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation
2024-03-21 22:10:23
CVE-2024-22020
2024-07-09 01:07:28
ibm
ibm
cgr
cgr
CVE-2024-28863 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2024-28863 affecting package nodejs18 for versions less than 18.20.3-1
2024-07-10 19:52:59
CVE-2024-28863 affecting package nodejs for versions less than 20.14.0-1
2024-06-21 09:32:44
nvd
nvd
CVE-2024-28863
2024-03-21 23:15:10
CVE-2024-22020
2024-07-09 02:15:09
ubuntucve
ubuntucve
CVE-2024-28863
2024-03-21 00:00:00
CVE-2024-22020
2024-07-09 00:00:00
github
github
redos
redos
ROS-20240904-05
2024-09-04 00:00:00
debiancve
debiancve
CVE-2024-22020
2024-07-09 02:15:09
CVE-2024-28863
2024-03-21 23:15:10
wolfi
wolfi
CVE-2024-22020 vulnerabilities
2024-09-18 21:11:55
CVE-2024-28863 vulnerabilities
2024-09-18 21:11:55
redhatcve
redhatcve
CVE-2024-28863
2024-06-20 09:51:26
CVE-2024-22020
2024-07-09 05:09:34
f5
f5
K000139643: Node-tar vulnerability CVE-2024-28863
2024-05-16 00:00:00
K000141047: Multiple Node.js vulnerabilities
2024-09-12 00:00:00
cve
cve
CVE-2024-28863
2024-03-21 23:15:10
CVE-2024-22020
2024-07-09 02:15:09
hackerone
hackerone
Node.js: Bypass network import restriction via data URL
2023-08-01 20:37:14
alpinelinux
alpinelinux
CVE-2024-22020
2024-07-09 02:15:09
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0653
2024-07-16 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0318
2024-07-16 00:00:00
openvas
openvas
Node.js < 18.20.4, 19.x < 20.15.1, 21.x < 22.4.1 Multiple Vulnerabilities - Mac OS X
2024-06-27 00:00:00
Node.js < 18.20.4, 19.x < 20.15.1, 21.x < 22.4.1 Multiple Vulnerabilities - Windows
2024-06-27 00:00:00
Mageia: Security Advisory (MGASA-2024-0282)
2024-08-29 00:00:00
mageia
mageia
Updated nodejs & yarnpkg packages fix security vulnerabilities
2024-08-28 20:11:44
nodejsblog
nodejsblog
Monday, July 8, 2024 Security Releases
2024-07-08 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.8
Confidence
High
Related for ALMA_LINUX_ALSA-2024-6147.NASL