An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

References

bugzilla.redhat.com/show_bug.cgi?id=2172217

nvd.nist.gov/vuln/detail/CVE-2023-23920

www.cve.org/CVERecord?id=CVE-2023-23920

veracode 1

cbl_mariner 2

nvd 1

cve 1

alpinelinux 1

osv 15

openvas 14

nessus 40

hackerone 1

ibm 20

debiancve 1

prion 1

ubuntucve 1

debian 3

cvelist 1

mageia 1

f5 1

ubuntu 1

fedora 3

redhat 9

nodejsblog 1

altlinux 1

almalinux 5

oraclelinux 5

rocky 4

photon 2

oracle 1

veracode

Improper Access Control

2023-02-18 04:53:51

cbl_mariner

CVE-2023-23920 affecting package nodejs for versions less than 16.19.1-1

2023-03-24 23:56:25

CVE-2023-23920 affecting package nodejs 14.21.1-3

2023-08-15 16:37:27

nvd

CVE-2023-23920

2023-02-23 20:15:14

cve

CVE-2023-23920

2023-02-23 20:15:14

alpinelinux

CVE-2023-23920

2023-02-23 20:15:14

osv

BIT-node-2023-23920

2024-03-06 11:02:02

nodejs - security update

2023-05-02 00:00:00

CVE-2023-23920

2023-02-23 20:15:14

openvas

SUSE: Security Advisory (SUSE-SU-2023:0682-1)

2023-03-28 00:00:00

Debian: Security Advisory (DSA-5395-1)

2023-05-03 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:0606-1)

2023-03-28 00:00:00

nessus

SUSE SLES15 / openSUSE 15 Security Update : nodejs12 (SUSE-SU-2023:0682-1)

2023-03-10 00:00:00

SUSE SLES15 / openSUSE 15 Security Update : nodejs10 (SUSE-SU-2023:0606-1)

2023-03-05 00:00:00

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-210)

2023-06-13 00:00:00

hackerone

Node.js: Insecure loading of ICU data through ICU_DATA environment variable

2022-07-04 22:28:55

ibm

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to Node.js (CVE-2023-23920)

2023-07-24 09:31:56

Security Bulletin: Potential security bypass in IBM DataPower Gateway (CVE_2023-23920)

2023-05-02 18:20:11

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to several vulnerabilities in Node.js due to [CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807]

2023-06-28 15:28:35

debiancve

CVE-2023-23920

2023-02-23 20:15:14

prion

Design/Logic Flaw

2023-02-23 20:15:00

ubuntucve

CVE-2023-23920

2023-02-23 00:00:00

debian

[SECURITY] [DSA 5395-1] nodejs security update

2023-05-02 13:50:05

[SECURITY] [DLA 3344-1] nodejs security update

2023-02-26 01:17:34

[SECURITY] [DSA 5589-1] nodejs security update

2023-12-27 22:12:40

cvelist

CVE-2023-23920

2023-02-23 00:00:00

mageia

Updated nodejs packages fix security vulnerability

2023-03-02 00:14:31

K000134602 : Node.js vulnerabilities CVE-2023-23918 and CVE-2023-23920

2023-05-15 00:00:00

ubuntu

Node.js vulnerabilities

2024-03-04 00:00:00

fedora

[SECURITY] Fedora 38 Update: nodejs20-19.8.1-7.fc38

2023-04-04 18:17:01

[SECURITY] Fedora 38 Update: nodejs16-16.20.0-2.fc38

2023-04-04 18:17:01

[SECURITY] Fedora 38 Update: nodejs18-18.15.0-6.fc38

2023-04-04 18:17:01

redhat

(RHSA-2023:1744) Important: rh-nodejs14-nodejs security, bug fix, and enhancement update

2023-04-12 14:38:13

(RHSA-2023:1743) Important: nodejs:14 security, bug fix, and enhancement update

2023-04-12 14:37:46

(RHSA-2023:2655) Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-05-09 11:25:41

nodejsblog

Thursday February 16 2023 Security Releases

2023-02-16 00:00:00

altlinux

Security fix for the ALT Linux 10 package node version 16.19.1-alt1

2023-03-22 00:00:00

almalinux

Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-05-09 00:00:00

Moderate: nodejs:18 security, bug fix, and enhancement update

2023-04-04 00:00:00

Important: nodejs:14 security, bug fix, and enhancement update

2023-04-12 00:00:00

oraclelinux

nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-05-17 00:00:00

nodejs:18 security, bug fix, and enhancement update

2023-04-05 00:00:00

nodejs:14 security, bug fix, and enhancement update

2023-04-12 00:00:00

rocky

nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-05-25 19:53:09

nodejs:18 security, bug fix, and enhancement update

2023-04-06 15:52:43

nodejs:14 security, bug fix, and enhancement update

2023-04-26 15:28:13

photon

Critical Photon OS Security Update - PHSA-2023-5.0-0011

2023-05-24 00:00:00

Critical Photon OS Security Update - PHSA-2023-3.0-0545

2023-03-07 00:00:00

oracle

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for RH:CVE-2023-23920