Site icon API Security Blog

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to permissions bypass, privilege escalation, key generation failure, denial of service and request smuggling due to vulnerabilities in Node.js

## Summary

Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to permissions bypass, privilege escalation, key generation failure, denial of service and request smuggling due to vulnerabilities in Node.js with details below. (CVE-2023-30584, CVE-2023-30585, CVE-2023-30590, CVE-2023-30587, CVE-2023-30586, CVE-2023-30582, CVE-2023-30588, CVE-2023-30589, CVE-2023-30581, CVE-2023-30583)

## Vulnerability Details

** CVEID: **[CVE-2023-30584]()
** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass when verifying file permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the experimental permission model.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258617]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

** CVEID: **[CVE-2023-30585]()
** DESCRIPTION: **Node.js could allow a remote attacker to gain elevated privileges on the system, caused by an error in the installation process during the repair operation, where the “msiexec.exe” process attempts to read the %USERPROFILE% environment variable from the current user’s registry. An attacker could exploit this vulnerability to create folders in unintended and potentially malicious locations.
CVSS Base score: 5.9
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258621]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

** CVEID: **[CVE-2023-30590]()
** DESCRIPTION: **Node.js could provide weaker than expected security, caused by the failure to generate keys after setting a private key by the generateKeys() API function. By sending a specially crafted request, an attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258625]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

** CVEID: **[CVE-2023-30587]()
** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions. By exploiting the Worker class’s ability to create an “internal worker” with the kIsInternal Symbol, an attacker could exploit this vulnerability to modify the isInternal value when an inspector is attached within the Worker constructor before initializing a new WorkerImpl.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258618]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

** CVEID: **[CVE-2023-30586]()
** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by an error in the crypto.setEngine() API when called with a compatible OpenSSL engine. By manipulating the process’s stack memory to locate the permission model Permission::enabled_ in the host process’s heap memory, an attacker could exploit this vulnerability to bypass the permission model.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258622]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

** CVEID: **[CVE-2023-30582]()
** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by the failure to restrict file watching through the fs.watchFile API. By sending a specially crafted request, an attacker could exploit this vulnerability to monitor restricted files.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258619]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

** CVEID: **[CVE-2023-30588]()
** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by invalid public key information in x509 certificates. By accessing public key info of provided certificates from user code, an attacker could exploit this vulnerability to force interruptions of application processing and cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258623]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

** CVEID: **[CVE-2023-30589]()
** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by the failure to strictly use the CRLF sequence to delimit HTTP requests by the llhttp parser in the http module. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 5.9
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258624]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

** CVEID: **[CVE-2023-30581]()
** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by the use of proto in process.mainModule.proto.require(). By sending a specially crafted request, an attacker could exploit this vulnerability to bypass experimental policy mechanism.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258615]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

** CVEID: **[CVE-2023-30583]()
** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by a missing check in the fs.openAsBlob() API. By using the file system read restriction with the –allow-fs-read flag, an attacker could exploit this vulnerability to bypass the experimental permission model.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258620]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

## Affected Products and Versions

Affected Product(s)| Version(s)
—|—
Platform Navigator in IBM Cloud Pak for Integration (CP4I)| 2021.2.1
2021.4.1
2022.2.1
2022.4.1
2023.2.1
Automation Assets in IBM Cloud Pak for Integration (CP4I)| 2021.2.1
2021.4.1
2022.2.1

## Remediation/Fixes

**Platform Navigator in IBM Cloud Pak for Integration**

Upgrade Platform Navigator to either the LTS or CD version:

LTS: 2022.2.1-12 using the Operator upgrade process described in the IBM Documentation

CD: 2023.2.1-1 using the Operator upgrade process described in the IBM Documentation

**Automation Assets version ****in IBM Cloud Pak for Integration**

Upgrade Automation Assets Operator to 2022.2.1-11 using the Operator upgrade process described in the IBM Documentation

## Workarounds and Mitigations

None

##Read More

Exit mobile version