Bug 2219835 (CVE-2023-30585)

Summary: CVE-2023-30585 nodejs: privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: hhorak, jorton, nodejs-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user's registry.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2220752, 2220753, 2220748, 2220749, 2220750, 2220751, 2220754, 2220755, 2220756, 2220757, 2220758, 2220759    
Bug Blocks: 2217661    

Description Dhananjay Arunesh 2023-07-05 14:58:26 UTC 
A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user's registry.

References:
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
Comment 1 Dhananjay Arunesh 2023-07-06 05:19:28 UTC 
Created nodejs tracking bugs for this issue:

Affects: epel-all [bug 2220753]
Affects: fedora-all [bug 2220751]


Created nodejs:14/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 2220750]


Created nodejs:16-epel/nodejs tracking bugs for this issue:

Affects: epel-all [bug 2220752]


Created nodejs:16/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 2220749]


Created nodejs:18/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 2220748]