Main Vulnerability Database SB2024041611

SB2024041611 - SUSE update for nodejs20

Published: April 16, 2024 Updated: May 23, 2024

Security Bulletin ID SB2024041611

Severity

Medium

Patch available

YES

Number of vulnerabilities 5

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-24806)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input when handling hostnames longer than 256 characters within the uv_getaddrinfo() function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c. A remote attacker can pass a specially crafted hostname to the application, which can be resolved to an attacker controlled IP address and initiate unauthorized requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

2) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2024-27982)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

3) Reachable Assertion (CVE-ID: CVE-2024-27983)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling HTTP/2 packets. A remote attacker can send a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside and perform a denial of service (DoS) attack.

4) Information disclosure (CVE-ID: CVE-2024-30260)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application clears Authorization and Proxy-Authorization headers during cross-origin redirects for the fetch() method, however does not clear them for the undici.request() method, which can leak sensitive information to an unauthorized party.

5) Insufficient verification of data authenticity (CVE-ID: CVE-2024-30261)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the application does not verify authenticity of data. A remote attacker can alter the "integrity" option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-su-20241301-1/

Vulnerable Software

Web and Scripting Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
corepack20: before 20.12.1-150500.11.9.2
nodejs20-docs: before 20.12.1-150500.11.9.2
nodejs20: before 20.12.1-150500.11.9.2
npm20: before 20.12.1-150500.11.9.2
nodejs20-devel: before 20.12.1-150500.11.9.2
nodejs20-debuginfo: before 20.12.1-150500.11.9.2
nodejs20-debugsource: before 20.12.1-150500.11.9.2

SB2024041611 - SUSE update for nodejs20

Breakdown by Severity

Description

Remediation

References

Please verify you're human