CVE-2024-21892

On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/03/11/1	Mailing List Third Party Advisory
https://hackerone.com/reports/2237545	Issue Tracking Third Party Advisory
https://security.netapp.com/advisory/ntap-20240322-0003/	Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/11/1	Mailing List Third Party Advisory
https://hackerone.com/reports/2237545	Issue Tracking Third Party Advisory
https://security.netapp.com/advisory/ntap-20240322-0003/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:nodejs:node.js::::::::
	cpe:2.3:a:nodejs:node.js::::::::
	cpe:2.3:a:nodejs:node.js::::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-02-20 02:15

Updated : 2025-03-13 15:15

NVD link : CVE-2024-21892

Mitre link : CVE-2024-21892

CVE.ORG link : CVE-2024-21892

JSON object : View

Products Affected

linux

linux_kernel

nodejs

node.js

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-269

Improper Privilege Management

{"id": "CVE-2024-21892", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.1}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-02-20T02:15:50.567", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://hackerone.com/reports/2237545", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://security.netapp.com/advisory/ntap-20240322-0003/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/2237545", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240322-0003/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges."}, {"lang": "es", "value": "En Linux, Node.js ignora ciertas variables de entorno si pueden haber sido configuradas por un usuario sin privilegios mientras el proceso se ejecuta con privilegios elevados con la \u00fanica excepci\u00f3n de CAP_NET_BIND_SERVICE. Debido a un error en la implementaci\u00f3n de esta excepci\u00f3n, Node.js aplica incorrectamente esta excepci\u00f3n incluso cuando se han configurado otras capacidades. Esto permite a los usuarios sin privilegios inyectar c\u00f3digo que hereda los privilegios elevados del proceso."}], "lastModified": "2025-03-13T15:15:41.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2FD72E7-64E4-4F5C-B39D-3DBB87CF8675", "versionEndExcluding": "18.19.1", "versionStartIncluding": "18.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C20DA8F-2F0C-4323-B67D-8ADF50D5983A", "versionEndExcluding": "20.11.1", "versionStartIncluding": "20.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "211B62F4-4CC3-41CA-91FA-E14C5AC0335A", "versionEndExcluding": "21.6.2", "versionStartIncluding": "21.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}