CVE-2023-30585
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-30585 is a vulnerability affecting the Node.js installation process on Windows systems, specifically those using the .msi installer. During the repair operation, the "msiexec.exe" process, which runs under the NT AUTHORITY\SYSTEM context, encounters an issue when the %USERPROFILE% environment variable, referenced from the current user's registry, does not exist. In response, the process creates the specified path in an unsafe manner, potentially leading to the creation of arbitrary folders in unintended locations. The severity of this vulnerability is heightened due to the ability of standard users to manipulate the %USERPROFILE% environment variable in the Windows registry. Unprivileged actors, including malicious entities or trojans, can exploit this vulnerability to deceive the privileged process and create folders in potentially malicious locations. This issue only affects Windows users installing Node.js via the .msi installer.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Nodejs Node.js
Affected Vendors
- Nodejs
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions