7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.0%
A vulnerability has been identified in the Node.js (.msi version)
installation process, specifically affecting Windows users who install
Node.js using the .msi installer. This vulnerability emerges during the
repair operation, where the “msiexec.exe” process, running under the NT
AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment
variable from the current user’s registry. The issue arises when the path
referenced by the %USERPROFILE% environment variable does not exist. In
such cases, the “msiexec.exe” process attempts to create the specified path
in an unsafe manner, potentially leading to the creation of arbitrary
folders in arbitrary locations. The severity of this vulnerability is
heightened by the fact that the %USERPROFILE% environment variable in the
Windows registry can be modified by standard (or “non-privileged”) users.
Consequently, unprivileged actors, including malicious entities or trojans,
can manipulate the environment variable key to deceive the privileged
“msiexec.exe” process. This manipulation can result in the creation of
folders in unintended and potentially malicious locations. It is important
to note that this vulnerability is specific to Windows users who install
Node.js using the .msi installer. Users who opt for other installation
methods are not affected by this particular issue.
launchpad.net/bugs/cve/CVE-2023-30585
nodejs.org/en/blog/vulnerability/june-2023-security-releases#privilege-escalation-via-malicious-registry-key-manipulation-during-nodejs-installer-repair-process-medium-cve-2023-30585
nvd.nist.gov/vuln/detail/CVE-2023-30585
security-tracker.debian.org/tracker/CVE-2023-30585
www.cve.org/CVERecord?id=CVE-2023-30585
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.0%