2219832 – (CVE-2023-30582) CVE-2023-30582 nodejs: fs.watchFile bypass in experimental permission model

Bug 2219832 (CVE-2023-30582) - CVE-2023-30582 nodejs: fs.watchFile bypass in experimental permission model

Summary: CVE-2023-30582 nodejs: fs.watchFile bypass in experimental permission model

Keywords:
Status:	NEW
Alias:	CVE-2023-30582
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2220722 2220723 2220718 2220719 2220720 2220721 2220724 2220725 2220726 2220727 2220728 2220729
Blocks:	2217661
TreeView+	depends on / blocked

Reported:	2023-07-05 14:54 UTC by Dhananjay Arunesh
Modified:	2024-02-01 09:01 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2023-07-05 14:54:56 UTC

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument.

References:
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

Comment 1 Dhananjay Arunesh 2023-07-06 05:12:27 UTC

Created nodejs tracking bugs for this issue:

Affects: epel-all [bug 2220723]
Affects: fedora-all [bug 2220721]


Created nodejs:14/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 2220720]


Created nodejs:16-epel/nodejs tracking bugs for this issue:

Affects: epel-all [bug 2220722]


Created nodejs:16/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 2220719]


Created nodejs:18/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 2220718]

Note You need to log in before you can comment on or make changes to this bug.